Make binary curve ASN.1 work in FIPS mode.

[openssl.git] / crypto / ec / ec_ameth.c

diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 12b85b6fdef7c6eaec5f6947f3828d2415fc49d8..0ce4524076f138b9986432a901ee7fc4f8124cc5 100644 (file)
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
@@ -59,6 +59,10 @@
 #include "cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/ec.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
 #include "asn1_locl.h"
 
 static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
@@ -84,7 +88,7 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
                if (!pstr)
                        return 0;
                pstr->length = i2d_ECParameters(ec_key, &pstr->data);
-               if (pstr->length < 0)
+               if (pstr->length <= 0)
                        {
                        ASN1_STRING_free(pstr);
                        ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB);
@@ -503,7 +507,7 @@ static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype)
        ret=1;
 err:
        if (!ret)
-               ECerr(EC_F_EC_KEY_PRINT, reason);
+               ECerr(EC_F_DO_EC_KEY_PRINT, reason);
        if (pub_key) 
                BN_free(pub_key);
        if (order)
@@ -558,7 +562,7 @@ static int old_ec_priv_decode(EVP_PKEY *pkey,
        EC_KEY *ec;
        if (!(ec = d2i_ECPrivateKey (NULL, pder, derlen)))
                {
-               ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR);
+               ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR);
                return 0;
                }
        EVP_PKEY_assign_EC_KEY(pkey, ec);
@@ -577,14 +581,42 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
                case ASN1_PKEY_CTRL_PKCS7_SIGN:
                if (arg1 == 0)
                        {
+                       int snid, hnid;
                        X509_ALGOR *alg1, *alg2;
                        PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
-                       X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_sha1),
-                                                       V_ASN1_NULL, 0);
-                       X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ecdsa_with_SHA1),
-                                                       V_ASN1_NULL, 0);
+                       if (alg1 == NULL || alg1->algorithm == NULL)
+                               return -1;
+                       hnid = OBJ_obj2nid(alg1->algorithm);
+                       if (hnid == NID_undef)
+                               return -1;
+                       if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                               return -1; 
+                       X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+                       }
+               return 1;
+#ifndef OPENSSL_NO_CMS
+               case ASN1_PKEY_CTRL_CMS_SIGN:
+               if (arg1 == 0)
+                       {
+                       int snid, hnid;
+                       X509_ALGOR *alg1, *alg2;
+                       CMS_SignerInfo_get0_algs(arg2, NULL, NULL,
+                                                               &alg1, &alg2);
+                       if (alg1 == NULL || alg1->algorithm == NULL)
+                               return -1;
+                       hnid = OBJ_obj2nid(alg1->algorithm);
+                       if (hnid == NID_undef)
+                               return -1;
+                       if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                               return -1; 
+                       X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
                        }
                return 1;
+#endif
+
+               case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+               *(int *)arg2 = NID_sha1;
+               return 2;
 
                default:
                return -2;
@@ -593,7 +625,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 
        }
 
-EVP_PKEY_ASN1_METHOD eckey_asn1_meth = 
+const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = 
        {
        EVP_PKEY_EC,
        EVP_PKEY_EC,
@@ -619,6 +651,7 @@ EVP_PKEY_ASN1_METHOD eckey_asn1_meth =
        ec_copy_parameters,
        ec_cmp_parameters,
        eckey_param_print,
+       0,
 
        int_ec_free,
        ec_pkey_ctrl,