return 0;
}
-static EC_KEY *eckey_type2param(int ptype, void *pval)
+static EC_KEY *eckey_type2param(int ptype, const void *pval)
{
EC_KEY *eckey = NULL;
if (ptype == V_ASN1_SEQUENCE) {
- ASN1_STRING *pstr = pval;
+ const ASN1_STRING *pstr = pval;
const unsigned char *pm = NULL;
int pmlen;
pm = pstr->data;
goto ecerr;
}
} else if (ptype == V_ASN1_OBJECT) {
- ASN1_OBJECT *poid = pval;
+ const ASN1_OBJECT *poid = pval;
EC_GROUP *group;
/*
static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
{
const unsigned char *p = NULL;
- void *pval;
+ const void *pval;
int ptype, pklen;
EC_KEY *eckey = NULL;
X509_ALGOR *palg;
const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
*pb = EC_KEY_get0_public_key(b->pkey.ec);
+ if (group == NULL || pa == NULL || pb == NULL)
+ return -2;
r = EC_POINT_cmp(group, pa, pb, NULL);
if (r == 0)
return 1;
return -2;
}
-static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
+static int eckey_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
{
const unsigned char *p = NULL;
- void *pval;
+ const void *pval;
int ptype, pklen;
EC_KEY *eckey = NULL;
- X509_ALGOR *palg;
+ const X509_ALGOR *palg;
if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
return 0;
}
if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
- ptype, pval, ep, eplen))
+ ptype, pval, ep, eplen)) {
+ OPENSSL_free(ep);
return 0;
+ }
return 1;
}
static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
{
EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
+
if (group == NULL)
return 0;
if (to->pkey.ec == NULL) {
to->pkey.ec = EC_KEY_new();
if (to->pkey.ec == NULL)
- return 0;
+ goto err;
}
if (EC_KEY_set_group(to->pkey.ec, group) == 0)
- return 0;
+ goto err;
EC_GROUP_free(group);
return 1;
+ err:
+ EC_GROUP_free(group);
+ return 0;
}
static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
{
const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
*group_b = EC_KEY_get0_group(b->pkey.ec);
+ if (group_a == NULL || group_b == NULL)
+ return -2;
if (EC_GROUP_cmp(group_a, group_b, NULL))
return 0;
else
return 0;
}
- if (ktype != EC_KEY_PRINT_PARAM) {
+ if (ktype != EC_KEY_PRINT_PARAM && EC_KEY_get0_public_key(x) != NULL) {
publen = EC_KEY_key2buf(x, EC_KEY_get_conv_form(x), &pub, NULL);
if (publen == 0)
goto err;
}
+static int ec_pkey_check(const EVP_PKEY *pkey)
+{
+ EC_KEY *eckey = pkey->pkey.ec;
+
+ /* stay consistent to what EVP_PKEY_check demands */
+ if (eckey->priv_key == NULL) {
+ ECerr(EC_F_EC_PKEY_CHECK, EC_R_MISSING_PRIVATE_KEY);
+ return 0;
+ }
+
+ return EC_KEY_check_key(eckey);
+}
+
+static int ec_pkey_public_check(const EVP_PKEY *pkey)
+{
+ EC_KEY *eckey = pkey->pkey.ec;
+
+ /*
+ * Note: it unnecessary to check eckey->pub_key here since
+ * it will be checked in EC_KEY_check_key(). In fact, the
+ * EC_KEY_check_key() mainly checks the public key, and checks
+ * the private key optionally (only if there is one). So if
+ * someone passes a whole EC key (public + private), this
+ * will also work...
+ */
+
+ return EC_KEY_check_key(eckey);
+}
+
+static int ec_pkey_param_check(const EVP_PKEY *pkey)
+{
+ EC_KEY *eckey = pkey->pkey.ec;
+
+ /* stay consistent to what EVP_PKEY_check demands */
+ if (eckey->group == NULL) {
+ ECerr(EC_F_EC_PKEY_PARAM_CHECK, EC_R_MISSING_PARAMETERS);
+ return 0;
+ }
+
+ return EC_GROUP_check(eckey->group, NULL);
+}
+
const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
EVP_PKEY_EC,
EVP_PKEY_EC,
int_ec_free,
ec_pkey_ctrl,
old_ec_priv_decode,
- old_ec_priv_encode
+ old_ec_priv_encode,
+
+ 0, 0, 0,
+
+ ec_pkey_check,
+ ec_pkey_public_check,
+ ec_pkey_param_check
};
int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
{
- ASN1_OBJECT *aoid;
+ const ASN1_OBJECT *aoid;
int atype;
- void *aval;
+ const void *aval;
int rv = 0;
EVP_PKEY *pkpeer = NULL;
EC_KEY *ecpeer = NULL;
EVP_CIPHER_CTX *ctx;
int keylen;
X509_ALGOR *talg, *wrap_alg = NULL;
- ASN1_OBJECT *aoid;
+ const ASN1_OBJECT *aoid;
ASN1_BIT_STRING *pubkey;
ASN1_STRING *wrap_str;
ASN1_OCTET_STRING *ukm;