X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fec%2Fec_ameth.c;h=2beeb82707bbb5f4da8c52f33574b84095665841;hp=bc77391ef40f2568b1cf84c97268ccd4058c0819;hb=a941920514995b520e7666897347fdcdcb5bf358;hpb=3aeb93486588e7dd01379c50b8fd496d55cf8858 diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index bc77391ef4..2beeb82707 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -1,59 +1,10 @@ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 2006. - */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include @@ -61,12 +12,11 @@ #include #include #include -#ifndef OPENSSL_NO_CMS -# include -#endif +#include #include #include "internal/asn1_int.h" #include "internal/evp_int.h" +#include "ec_lcl.h" #ifndef OPENSSL_NO_CMS static int ecdh_cms_decrypt(CMS_RecipientInfo *ri); @@ -139,22 +89,22 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) return 0; } -static EC_KEY *eckey_type2param(int ptype, void *pval) +static EC_KEY *eckey_type2param(int ptype, const void *pval) { EC_KEY *eckey = NULL; + EC_GROUP *group = NULL; + if (ptype == V_ASN1_SEQUENCE) { - ASN1_STRING *pstr = pval; - const unsigned char *pm = NULL; - int pmlen; - pm = pstr->data; - pmlen = pstr->length; + const ASN1_STRING *pstr = pval; + const unsigned char *pm = pstr->data; + int pmlen = pstr->length; + if ((eckey = d2i_ECParameters(NULL, &pm, pmlen)) == NULL) { ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); goto ecerr; } } else if (ptype == V_ASN1_OBJECT) { - ASN1_OBJECT *poid = pval; - EC_GROUP *group; + const ASN1_OBJECT *poid = pval; /* * type == V_ASN1_OBJECT => the parameters are given by an asn1 OID @@ -179,13 +129,14 @@ static EC_KEY *eckey_type2param(int ptype, void *pval) ecerr: EC_KEY_free(eckey); + EC_GROUP_free(group); return NULL; } static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) { const unsigned char *p = NULL; - void *pval; + const void *pval; int ptype, pklen; EC_KEY *eckey = NULL; X509_ALGOR *palg; @@ -221,6 +172,8 @@ static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), *pb = EC_KEY_get0_public_key(b->pkey.ec); + if (group == NULL || pa == NULL || pb == NULL) + return -2; r = EC_POINT_cmp(group, pa, pb, NULL); if (r == 0) return 1; @@ -229,13 +182,13 @@ static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) return -2; } -static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) +static int eckey_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) { const unsigned char *p = NULL; - void *pval; + const void *pval; int ptype, pklen; EC_KEY *eckey = NULL; - X509_ALGOR *palg; + const X509_ALGOR *palg; if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) return 0; @@ -252,40 +205,6 @@ static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) goto ecerr; } - /* calculate public key (if necessary) */ - if (EC_KEY_get0_public_key(eckey) == NULL) { - const BIGNUM *priv_key; - const EC_GROUP *group; - EC_POINT *pub_key; - /* - * the public key was not included in the SEC1 private key => - * calculate the public key - */ - group = EC_KEY_get0_group(eckey); - pub_key = EC_POINT_new(group); - if (pub_key == NULL) { - ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); - goto ecliberr; - } - if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) { - EC_POINT_free(pub_key); - ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); - goto ecliberr; - } - priv_key = EC_KEY_get0_private_key(eckey); - if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) { - EC_POINT_free(pub_key); - ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); - goto ecliberr; - } - if (EC_KEY_set_public_key(eckey, pub_key) == 0) { - EC_POINT_free(pub_key); - ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); - goto ecliberr; - } - EC_POINT_free(pub_key); - } - EVP_PKEY_assign_EC_KEY(pkey, eckey); return 1; @@ -298,15 +217,13 @@ static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) { - EC_KEY *ec_key; + EC_KEY ec_key = *(pkey->pkey.ec); unsigned char *ep, *p; int eplen, ptype; void *pval; - unsigned int tmp_flags, old_flags; - - ec_key = pkey->pkey.ec; + unsigned int old_flags; - if (!eckey_param2type(&ptype, &pval, ec_key)) { + if (!eckey_param2type(&ptype, &pval, &ec_key)) { ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR); return 0; } @@ -317,34 +234,31 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) * do not include the parameters in the SEC1 private key see PKCS#11 * 12.11 */ - old_flags = EC_KEY_get_enc_flags(ec_key); - tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; - EC_KEY_set_enc_flags(ec_key, tmp_flags); - eplen = i2d_ECPrivateKey(ec_key, NULL); + old_flags = EC_KEY_get_enc_flags(&ec_key); + EC_KEY_set_enc_flags(&ec_key, old_flags | EC_PKEY_NO_PARAMETERS); + + eplen = i2d_ECPrivateKey(&ec_key, NULL); if (!eplen) { - EC_KEY_set_enc_flags(ec_key, old_flags); ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); return 0; } ep = OPENSSL_malloc(eplen); if (ep == NULL) { - EC_KEY_set_enc_flags(ec_key, old_flags); ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); return 0; } p = ep; - if (!i2d_ECPrivateKey(ec_key, &p)) { - EC_KEY_set_enc_flags(ec_key, old_flags); + if (!i2d_ECPrivateKey(&ec_key, &p)) { OPENSSL_free(ep); ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); return 0; } - /* restore old encoding flags */ - EC_KEY_set_enc_flags(ec_key, old_flags); if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, - ptype, pval, ep, eplen)) + ptype, pval, ep, eplen)) { + OPENSSL_free(ep); return 0; + } return 1; } @@ -356,23 +270,7 @@ static int int_ec_size(const EVP_PKEY *pkey) static int ec_bits(const EVP_PKEY *pkey) { - BIGNUM *order = BN_new(); - const EC_GROUP *group; - int ret; - - if (order == NULL) { - ERR_clear_error(); - return 0; - } - group = EC_KEY_get0_group(pkey->pkey.ec); - if (!EC_GROUP_get_order(group, order, NULL)) { - ERR_clear_error(); - return 0; - } - - ret = BN_num_bits(order); - BN_free(order); - return ret; + return EC_GROUP_order_bits(EC_KEY_get0_group(pkey->pkey.ec)); } static int ec_security_bits(const EVP_PKEY *pkey) @@ -393,7 +291,7 @@ static int ec_security_bits(const EVP_PKEY *pkey) static int ec_missing_parameters(const EVP_PKEY *pkey) { - if (EC_KEY_get0_group(pkey->pkey.ec) == NULL) + if (pkey->pkey.ec == NULL || EC_KEY_get0_group(pkey->pkey.ec) == NULL) return 1; return 0; } @@ -401,23 +299,29 @@ static int ec_missing_parameters(const EVP_PKEY *pkey) static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) { EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec)); + if (group == NULL) return 0; if (to->pkey.ec == NULL) { to->pkey.ec = EC_KEY_new(); if (to->pkey.ec == NULL) - return 0; + goto err; } if (EC_KEY_set_group(to->pkey.ec, group) == 0) - return 0; + goto err; EC_GROUP_free(group); return 1; + err: + EC_GROUP_free(group); + return 0; } static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) { const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), *group_b = EC_KEY_get0_group(b->pkey.ec); + if (group_a == NULL || group_b == NULL) + return -2; if (EC_GROUP_cmp(group_a, group_b, NULL)) return 0; else @@ -429,89 +333,73 @@ static void int_ec_free(EVP_PKEY *pkey) EC_KEY_free(pkey->pkey.ec); } -static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype) +typedef enum { + EC_KEY_PRINT_PRIVATE, + EC_KEY_PRINT_PUBLIC, + EC_KEY_PRINT_PARAM +} ec_print_t; + +static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, ec_print_t ktype) { - unsigned char *buffer = NULL; const char *ecstr; - size_t buf_len = 0, i; - int ret = 0, reason = ERR_R_BIO_LIB; - BIGNUM *pub_key = NULL, *order = NULL; - BN_CTX *ctx = NULL; + unsigned char *priv = NULL, *pub = NULL; + size_t privlen = 0, publen = 0; + int ret = 0; const EC_GROUP *group; - const EC_POINT *public_key; - const BIGNUM *priv_key; if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) { - reason = ERR_R_PASSED_NULL_PARAMETER; - goto err; - } - - ctx = BN_CTX_new(); - if (ctx == NULL) { - reason = ERR_R_MALLOC_FAILURE; - goto err; + ECerr(EC_F_DO_EC_KEY_PRINT, ERR_R_PASSED_NULL_PARAMETER); + return 0; } - if (ktype > 0) { - public_key = EC_KEY_get0_public_key(x); - if (public_key != NULL) { - if ((pub_key = EC_POINT_point2bn(group, public_key, - EC_KEY_get_conv_form(x), NULL, - ctx)) == NULL) { - reason = ERR_R_EC_LIB; - goto err; - } - buf_len = (size_t)BN_num_bytes(pub_key); - } + if (ktype != EC_KEY_PRINT_PARAM && EC_KEY_get0_public_key(x) != NULL) { + publen = EC_KEY_key2buf(x, EC_KEY_get_conv_form(x), &pub, NULL); + if (publen == 0) + goto err; } - if (ktype == 2) { - priv_key = EC_KEY_get0_private_key(x); - if (priv_key && (i = (size_t)BN_num_bytes(priv_key)) > buf_len) - buf_len = i; - } else - priv_key = NULL; - - if (ktype > 0) { - buf_len += 10; - if ((buffer = OPENSSL_malloc(buf_len)) == NULL) { - reason = ERR_R_MALLOC_FAILURE; + if (ktype == EC_KEY_PRINT_PRIVATE && EC_KEY_get0_private_key(x) != NULL) { + privlen = EC_KEY_priv2buf(x, &priv); + if (privlen == 0) goto err; - } } - if (ktype == 2) + + if (ktype == EC_KEY_PRINT_PRIVATE) ecstr = "Private-Key"; - else if (ktype == 1) + else if (ktype == EC_KEY_PRINT_PUBLIC) ecstr = "Public-Key"; else ecstr = "ECDSA-Parameters"; if (!BIO_indent(bp, off, 128)) goto err; - if ((order = BN_new()) == NULL) - goto err; - if (!EC_GROUP_get_order(group, order, NULL)) - goto err; - if (BIO_printf(bp, "%s: (%d bit)\n", ecstr, BN_num_bits(order)) <= 0) + if (BIO_printf(bp, "%s: (%d bit)\n", ecstr, + EC_GROUP_order_bits(group)) <= 0) goto err; - if ((priv_key != NULL) && !ASN1_bn_print(bp, "priv:", priv_key, - buffer, off)) - goto err; - if ((pub_key != NULL) && !ASN1_bn_print(bp, "pub: ", pub_key, - buffer, off)) - goto err; + if (privlen != 0) { + if (BIO_printf(bp, "%*spriv:\n", off, "") <= 0) + goto err; + if (ASN1_buf_print(bp, priv, privlen, off + 4) == 0) + goto err; + } + + if (publen != 0) { + if (BIO_printf(bp, "%*spub:\n", off, "") <= 0) + goto err; + if (ASN1_buf_print(bp, pub, publen, off + 4) == 0) + goto err; + } + if (!ECPKParameters_print(bp, group, off)) goto err; ret = 1; err: if (!ret) - ECerr(EC_F_DO_EC_KEY_PRINT, reason); - BN_free(pub_key); - BN_free(order); - BN_CTX_free(ctx); - OPENSSL_free(buffer); - return (ret); + ECerr(EC_F_DO_EC_KEY_PRINT, ERR_R_EC_LIB); + OPENSSL_clear_free(priv, privlen); + OPENSSL_free(pub); + return ret; } static int eckey_param_decode(EVP_PKEY *pkey, @@ -535,19 +423,19 @@ static int eckey_param_encode(const EVP_PKEY *pkey, unsigned char **pder) static int eckey_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) { - return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 0); + return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PARAM); } static int eckey_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) { - return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 1); + return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PUBLIC); } static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) { - return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 2); + return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PRIVATE); } static int old_ec_priv_decode(EVP_PKEY *pkey, @@ -616,8 +504,20 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) #endif case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_sha256; - return 2; + if (EVP_PKEY_id(pkey) == EVP_PKEY_SM2) { + /* For SM2, the only valid digest-alg is SM3 */ + *(int *)arg2 = NID_sm3; + } else { + *(int *)arg2 = NID_sha256; + } + return 1; + + case ASN1_PKEY_CTRL_SET1_TLS_ENCPT: + return EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(pkey), arg2, arg1, NULL); + + case ASN1_PKEY_CTRL_GET1_TLS_ENCPT: + return EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(pkey), + POINT_CONVERSION_UNCOMPRESSED, arg2, NULL); default: return -2; @@ -626,6 +526,48 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) } +static int ec_pkey_check(const EVP_PKEY *pkey) +{ + EC_KEY *eckey = pkey->pkey.ec; + + /* stay consistent to what EVP_PKEY_check demands */ + if (eckey->priv_key == NULL) { + ECerr(EC_F_EC_PKEY_CHECK, EC_R_MISSING_PRIVATE_KEY); + return 0; + } + + return EC_KEY_check_key(eckey); +} + +static int ec_pkey_public_check(const EVP_PKEY *pkey) +{ + EC_KEY *eckey = pkey->pkey.ec; + + /* + * Note: it unnecessary to check eckey->pub_key here since + * it will be checked in EC_KEY_check_key(). In fact, the + * EC_KEY_check_key() mainly checks the public key, and checks + * the private key optionally (only if there is one). So if + * someone passes a whole EC key (public + private), this + * will also work... + */ + + return EC_KEY_check_key(eckey); +} + +static int ec_pkey_param_check(const EVP_PKEY *pkey) +{ + EC_KEY *eckey = pkey->pkey.ec; + + /* stay consistent to what EVP_PKEY_check demands */ + if (eckey->group == NULL) { + ECerr(EC_F_EC_PKEY_PARAM_CHECK, EC_R_MISSING_PARAMETERS); + return 0; + } + + return EC_GROUP_check(eckey->group, NULL); +} + const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { EVP_PKEY_EC, EVP_PKEY_EC, @@ -657,17 +599,44 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { int_ec_free, ec_pkey_ctrl, old_ec_priv_decode, - old_ec_priv_encode + old_ec_priv_encode, + + 0, 0, 0, + + ec_pkey_check, + ec_pkey_public_check, + ec_pkey_param_check }; +#if !defined(OPENSSL_NO_SM2) +const EVP_PKEY_ASN1_METHOD sm2_asn1_meth = { + EVP_PKEY_SM2, + EVP_PKEY_EC, + ASN1_PKEY_ALIAS +}; +#endif + +int EC_KEY_print(BIO *bp, const EC_KEY *x, int off) +{ + int private = EC_KEY_get0_private_key(x) != NULL; + + return do_EC_KEY_print(bp, x, off, + private ? EC_KEY_PRINT_PRIVATE : EC_KEY_PRINT_PUBLIC); +} + +int ECParameters_print(BIO *bp, const EC_KEY *x) +{ + return do_EC_KEY_print(bp, x, 4, EC_KEY_PRINT_PARAM); +} + #ifndef OPENSSL_NO_CMS static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx, X509_ALGOR *alg, ASN1_BIT_STRING *pubkey) { - ASN1_OBJECT *aoid; + const ASN1_OBJECT *aoid; int atype; - void *aval; + const void *aval; int rv = 0; EVP_PKEY *pkpeer = NULL; EC_KEY *ecpeer = NULL; @@ -696,7 +665,7 @@ static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx, } /* We have parameters now set public key */ plen = ASN1_STRING_length(pubkey); - p = ASN1_STRING_data(pubkey); + p = ASN1_STRING_get0_data(pubkey); if (!p || !plen) goto err; if (!o2i_ECPublicKey(&ecpeer, &p, plen)) @@ -735,7 +704,7 @@ static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, int eckdf_nid) if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0) return 0; - if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0) + if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0) return 0; kdf_md = EVP_get_digestbynid(kdfmd_nid); @@ -841,7 +810,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) EVP_CIPHER_CTX *ctx; int keylen; X509_ALGOR *talg, *wrap_alg = NULL; - ASN1_OBJECT *aoid; + const ASN1_OBJECT *aoid; ASN1_BIT_STRING *pubkey; ASN1_STRING *wrap_str; ASN1_OCTET_STRING *ukm; @@ -885,7 +854,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) V_ASN1_UNDEF, NULL); } - /* See if custom paraneters set */ + /* See if custom parameters set */ kdf_type = EVP_PKEY_CTX_get_ecdh_kdf_type(pctx); if (kdf_type <= 0) goto err; @@ -900,11 +869,11 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) ecdh_nid = NID_dh_cofactor_kdf; if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) { - kdf_type = EVP_PKEY_ECDH_KDF_X9_62; + kdf_type = EVP_PKEY_ECDH_KDF_X9_63; if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0) goto err; } else - /* Uknown KDF */ + /* Unknown KDF */ goto err; if (kdf_md == NULL) { /* Fixme later for better MD */