X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fec%2Fec_key.c;h=f09edbbc05df79b143b693b02d047e9995cafdbc;hp=13324982d5768fe5d95382c395ffd83c43ee0567;hb=6ea04154dc17c37083717d8a8bb86f4bc9f0dee5;hpb=d810700b80104c349244221af9ce794294b8aeb3 diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 13324982d5..f09edbbc05 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -99,26 +99,21 @@ void EC_KEY_free(EC_KEY *r) return; i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC); -#ifdef REF_PRINT - REF_PRINT("EC_KEY", r); -#endif + REF_PRINT_COUNT("EC_KEY", r); if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) { - fprintf(stderr, "EC_KEY_free, bad reference count\n"); - abort(); - } -#endif + REF_ASSERT_ISNT(i < 0); if (r->meth->finish != NULL) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE - if (r->engine != NULL) - ENGINE_finish(r->engine); + ENGINE_finish(r->engine); #endif + if (r->group && r->group->meth->keyfinish) + r->group->meth->keyfinish(r); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data); EC_GROUP_free(r->group); EC_POINT_free(r->pub_key); @@ -136,8 +131,10 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, EC_KEY *src) if (src->meth != dest->meth) { if (dest->meth->finish != NULL) dest->meth->finish(dest); + if (dest->group && dest->group->meth->keyfinish) + dest->group->meth->keyfinish(dest); #ifndef OPENSSL_NO_ENGINE - if (dest->engine != NULL && ENGINE_finish(dest->engine) == 0) + if (ENGINE_finish(dest->engine) == 0) return 0; dest->engine = NULL; #endif @@ -171,8 +168,12 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, EC_KEY *src) } if (!BN_copy(dest->priv_key, src->priv_key)) return NULL; + if (src->group->meth->keycopy + && src->group->meth->keycopy(dest, src) == 0) + return NULL; } + /* copy the rest */ dest->enc_flag = src->enc_flag; dest->conv_form = src->conv_form; @@ -213,15 +214,9 @@ EC_KEY *EC_KEY_dup(EC_KEY *ec_key) int EC_KEY_up_ref(EC_KEY *r) { int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC); -#ifdef REF_PRINT - REF_PRINT("EC_KEY", r); -#endif -#ifdef REF_CHECK - if (i < 2) { - fprintf(stderr, "EC_KEY_up, bad reference count\n"); - abort(); - } -#endif + + REF_PRINT_COUNT("EC_KEY", r); + REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } @@ -245,6 +240,9 @@ int ossl_ec_key_gen(EC_KEY *eckey) const BIGNUM *order = NULL; EC_POINT *pub_key = NULL; + if (eckey->group->meth->keygen != NULL) + return eckey->group->meth->keygen(eckey); + if ((ctx = BN_CTX_new()) == NULL) goto err; @@ -300,6 +298,9 @@ int EC_KEY_check_key(const EC_KEY *eckey) return 0; } + if (eckey->group->meth->keycheck) + return eckey->group->meth->keycheck(eckey); + if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) { ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY); goto err; @@ -456,6 +457,11 @@ const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key) int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) { + if (key->group == NULL || key->group->meth == NULL) + return 0; + if (key->group->meth->set_private + && key->meth->set_private(key, priv_key) == 0) + return 0; if (key->meth->set_private != NULL && key->meth->set_private(key, priv_key) == 0) return 0; @@ -546,14 +552,27 @@ int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len, key->pub_key = EC_POINT_new(key->group); if (key->pub_key == NULL) return 0; - return EC_POINT_oct2point(key->group, key->pub_key, buf, len, ctx); + if (EC_POINT_oct2point(key->group, key->pub_key, buf, len, ctx) == 0) + return 0; + /* + * Save the point conversion form. + * For non-custom curves the first octet of the buffer (excluding + * the last significant bit) contains the point conversion form. + * EC_POINT_oct2point() has already performed sanity checking of + * the buffer so we know it is valid. + */ + if ((key->group->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) + key->conv_form = (point_conversion_form_t)(buf[0] & ~0x01); + return 1; } size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len) { - size_t buf_len, bn_len; + size_t buf_len; if (eckey->group == NULL || eckey->group->meth == NULL) return 0; + if (eckey->group->meth->priv2oct) + return eckey->group->meth->priv2oct(eckey, buf, len); buf_len = (EC_GROUP_get_degree(eckey->group) + 7) / 8; if (eckey->priv_key == NULL) @@ -563,23 +582,13 @@ size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len) else if (len < buf_len) return 0; - bn_len = (size_t)BN_num_bytes(eckey->priv_key); - /* Octetstring may need leading zeros if BN is to short */ - if (bn_len > buf_len) { + if (BN_bn2binpad(eckey->priv_key, buf, buf_len) == -1) { ECerr(EC_F_EC_KEY_PRIV2OCT, EC_R_BUFFER_TOO_SMALL); return 0; } - if (!BN_bn2bin(eckey->priv_key, buf + buf_len - bn_len)) { - ECerr(EC_F_EC_KEY_PRIV2OCT, ERR_R_BN_LIB); - return 0; - } - - if (buf_len - bn_len > 0) - memset(buf, 0, buf_len - bn_len); - return buf_len; } @@ -587,6 +596,8 @@ int EC_KEY_oct2priv(EC_KEY *eckey, unsigned char *buf, size_t len) { if (eckey->group == NULL || eckey->group->meth == NULL) return 0; + if (eckey->group->meth->oct2priv) + return eckey->group->meth->oct2priv(eckey, buf, len); if (eckey->priv_key == NULL) eckey->priv_key = BN_secure_new(); @@ -601,3 +612,22 @@ int EC_KEY_oct2priv(EC_KEY *eckey, unsigned char *buf, size_t len) } return 1; } + +size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf) +{ + size_t len; + unsigned char *buf; + len = EC_KEY_priv2oct(eckey, NULL, 0); + if (len == 0) + return 0; + buf = OPENSSL_malloc(len); + if (buf == NULL) + return 0; + len = EC_KEY_priv2oct(eckey, buf, len); + if (len == 0) { + OPENSSL_free(buf); + return 0; + } + *pbuf = buf; + return len; +}