/src/openssl/crypto/ec/ec_pmeth.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project |
3 | | * 2006. |
4 | | */ |
5 | | /* ==================================================================== |
6 | | * Copyright (c) 2006 The OpenSSL Project. All rights reserved. |
7 | | * |
8 | | * Redistribution and use in source and binary forms, with or without |
9 | | * modification, are permitted provided that the following conditions |
10 | | * are met: |
11 | | * |
12 | | * 1. Redistributions of source code must retain the above copyright |
13 | | * notice, this list of conditions and the following disclaimer. |
14 | | * |
15 | | * 2. Redistributions in binary form must reproduce the above copyright |
16 | | * notice, this list of conditions and the following disclaimer in |
17 | | * the documentation and/or other materials provided with the |
18 | | * distribution. |
19 | | * |
20 | | * 3. All advertising materials mentioning features or use of this |
21 | | * software must display the following acknowledgment: |
22 | | * "This product includes software developed by the OpenSSL Project |
23 | | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
24 | | * |
25 | | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
26 | | * endorse or promote products derived from this software without |
27 | | * prior written permission. For written permission, please contact |
28 | | * licensing@OpenSSL.org. |
29 | | * |
30 | | * 5. Products derived from this software may not be called "OpenSSL" |
31 | | * nor may "OpenSSL" appear in their names without prior written |
32 | | * permission of the OpenSSL Project. |
33 | | * |
34 | | * 6. Redistributions of any form whatsoever must retain the following |
35 | | * acknowledgment: |
36 | | * "This product includes software developed by the OpenSSL Project |
37 | | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
38 | | * |
39 | | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
40 | | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
41 | | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
42 | | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
43 | | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
44 | | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
45 | | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
46 | | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
47 | | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
48 | | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
49 | | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
50 | | * OF THE POSSIBILITY OF SUCH DAMAGE. |
51 | | * ==================================================================== |
52 | | * |
53 | | * This product includes cryptographic software written by Eric Young |
54 | | * (eay@cryptsoft.com). This product includes software written by Tim |
55 | | * Hudson (tjh@cryptsoft.com). |
56 | | * |
57 | | */ |
58 | | |
59 | | #include <stdio.h> |
60 | | #include "cryptlib.h" |
61 | | #include <openssl/asn1t.h> |
62 | | #include <openssl/x509.h> |
63 | | #include <openssl/ec.h> |
64 | | #include "ec_lcl.h" |
65 | | #include <openssl/ecdsa.h> |
66 | | #include <openssl/evp.h> |
67 | | #include "evp_locl.h" |
68 | | |
69 | | /* EC pkey context structure */ |
70 | | |
71 | | typedef struct { |
72 | | /* Key and paramgen group */ |
73 | | EC_GROUP *gen_group; |
74 | | /* message digest */ |
75 | | const EVP_MD *md; |
76 | | /* Duplicate key if custom cofactor needed */ |
77 | | EC_KEY *co_key; |
78 | | /* Cofactor mode */ |
79 | | signed char cofactor_mode; |
80 | | /* KDF (if any) to use for ECDH */ |
81 | | char kdf_type; |
82 | | /* Message digest to use for key derivation */ |
83 | | const EVP_MD *kdf_md; |
84 | | /* User key material */ |
85 | | unsigned char *kdf_ukm; |
86 | | size_t kdf_ukmlen; |
87 | | /* KDF output length */ |
88 | | size_t kdf_outlen; |
89 | | } EC_PKEY_CTX; |
90 | | |
91 | | static int pkey_ec_init(EVP_PKEY_CTX *ctx) |
92 | 0 | { |
93 | 0 | EC_PKEY_CTX *dctx; |
94 | 0 | dctx = OPENSSL_malloc(sizeof(EC_PKEY_CTX)); |
95 | 0 | if (!dctx) |
96 | 0 | return 0; |
97 | 0 | dctx->gen_group = NULL; |
98 | 0 | dctx->md = NULL; |
99 | |
|
100 | 0 | dctx->cofactor_mode = -1; |
101 | 0 | dctx->co_key = NULL; |
102 | 0 | dctx->kdf_type = EVP_PKEY_ECDH_KDF_NONE; |
103 | 0 | dctx->kdf_md = NULL; |
104 | 0 | dctx->kdf_outlen = 0; |
105 | 0 | dctx->kdf_ukm = NULL; |
106 | 0 | dctx->kdf_ukmlen = 0; |
107 | |
|
108 | 0 | ctx->data = dctx; |
109 | |
|
110 | 0 | return 1; |
111 | 0 | } |
112 | | |
113 | | static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) |
114 | 0 | { |
115 | 0 | EC_PKEY_CTX *dctx, *sctx; |
116 | 0 | if (!pkey_ec_init(dst)) |
117 | 0 | return 0; |
118 | 0 | sctx = src->data; |
119 | 0 | dctx = dst->data; |
120 | 0 | if (sctx->gen_group) { |
121 | 0 | dctx->gen_group = EC_GROUP_dup(sctx->gen_group); |
122 | 0 | if (!dctx->gen_group) |
123 | 0 | return 0; |
124 | 0 | } |
125 | 0 | dctx->md = sctx->md; |
126 | |
|
127 | 0 | if (sctx->co_key) { |
128 | 0 | dctx->co_key = EC_KEY_dup(sctx->co_key); |
129 | 0 | if (!dctx->co_key) |
130 | 0 | return 0; |
131 | 0 | } |
132 | 0 | dctx->kdf_type = sctx->kdf_type; |
133 | 0 | dctx->kdf_md = sctx->kdf_md; |
134 | 0 | dctx->kdf_outlen = sctx->kdf_outlen; |
135 | 0 | if (sctx->kdf_ukm) { |
136 | 0 | dctx->kdf_ukm = BUF_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen); |
137 | 0 | if (!dctx->kdf_ukm) |
138 | 0 | return 0; |
139 | 0 | } else |
140 | 0 | dctx->kdf_ukm = NULL; |
141 | 0 | dctx->kdf_ukmlen = sctx->kdf_ukmlen; |
142 | 0 | return 1; |
143 | 0 | } |
144 | | |
145 | | static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) |
146 | 0 | { |
147 | 0 | EC_PKEY_CTX *dctx = ctx->data; |
148 | 0 | if (dctx) { |
149 | 0 | if (dctx->gen_group) |
150 | 0 | EC_GROUP_free(dctx->gen_group); |
151 | 0 | if (dctx->co_key) |
152 | 0 | EC_KEY_free(dctx->co_key); |
153 | 0 | if (dctx->kdf_ukm) |
154 | 0 | OPENSSL_free(dctx->kdf_ukm); |
155 | 0 | OPENSSL_free(dctx); |
156 | 0 | } |
157 | 0 | } |
158 | | |
159 | | static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, |
160 | | const unsigned char *tbs, size_t tbslen) |
161 | 0 | { |
162 | 0 | int ret, type; |
163 | 0 | unsigned int sltmp; |
164 | 0 | EC_PKEY_CTX *dctx = ctx->data; |
165 | 0 | EC_KEY *ec = ctx->pkey->pkey.ec; |
166 | |
|
167 | 0 | if (!sig) { |
168 | 0 | *siglen = ECDSA_size(ec); |
169 | 0 | return 1; |
170 | 0 | } else if (*siglen < (size_t)ECDSA_size(ec)) { |
171 | 0 | ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL); |
172 | 0 | return 0; |
173 | 0 | } |
174 | | |
175 | 0 | if (dctx->md) |
176 | 0 | type = EVP_MD_type(dctx->md); |
177 | 0 | else |
178 | 0 | type = NID_sha1; |
179 | |
|
180 | 0 | ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec); |
181 | |
|
182 | 0 | if (ret <= 0) |
183 | 0 | return ret; |
184 | 0 | *siglen = (size_t)sltmp; |
185 | 0 | return 1; |
186 | 0 | } |
187 | | |
188 | | static int pkey_ec_verify(EVP_PKEY_CTX *ctx, |
189 | | const unsigned char *sig, size_t siglen, |
190 | | const unsigned char *tbs, size_t tbslen) |
191 | 0 | { |
192 | 0 | int ret, type; |
193 | 0 | EC_PKEY_CTX *dctx = ctx->data; |
194 | 0 | EC_KEY *ec = ctx->pkey->pkey.ec; |
195 | |
|
196 | 0 | if (dctx->md) |
197 | 0 | type = EVP_MD_type(dctx->md); |
198 | 0 | else |
199 | 0 | type = NID_sha1; |
200 | |
|
201 | 0 | ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec); |
202 | |
|
203 | 0 | return ret; |
204 | 0 | } |
205 | | |
206 | | #ifndef OPENSSL_NO_ECDH |
207 | | static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, |
208 | | size_t *keylen) |
209 | 0 | { |
210 | 0 | int ret; |
211 | 0 | size_t outlen; |
212 | 0 | const EC_POINT *pubkey = NULL; |
213 | 0 | EC_KEY *eckey; |
214 | 0 | EC_PKEY_CTX *dctx = ctx->data; |
215 | 0 | if (!ctx->pkey || !ctx->peerkey) { |
216 | 0 | ECerr(EC_F_PKEY_EC_DERIVE, EC_R_KEYS_NOT_SET); |
217 | 0 | return 0; |
218 | 0 | } |
219 | | |
220 | 0 | eckey = dctx->co_key ? dctx->co_key : ctx->pkey->pkey.ec; |
221 | |
|
222 | 0 | if (!key) { |
223 | 0 | const EC_GROUP *group; |
224 | 0 | group = EC_KEY_get0_group(eckey); |
225 | 0 | *keylen = (EC_GROUP_get_degree(group) + 7) / 8; |
226 | 0 | return 1; |
227 | 0 | } |
228 | 0 | pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec); |
229 | | |
230 | | /* |
231 | | * NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is not |
232 | | * an error, the result is truncated. |
233 | | */ |
234 | |
|
235 | 0 | outlen = *keylen; |
236 | |
|
237 | 0 | ret = ECDH_compute_key(key, outlen, pubkey, eckey, 0); |
238 | 0 | if (ret <= 0) |
239 | 0 | return 0; |
240 | 0 | *keylen = ret; |
241 | 0 | return 1; |
242 | 0 | } |
243 | | |
244 | | static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx, |
245 | | unsigned char *key, size_t *keylen) |
246 | 0 | { |
247 | 0 | EC_PKEY_CTX *dctx = ctx->data; |
248 | 0 | unsigned char *ktmp = NULL; |
249 | 0 | size_t ktmplen; |
250 | 0 | int rv = 0; |
251 | 0 | if (dctx->kdf_type == EVP_PKEY_ECDH_KDF_NONE) |
252 | 0 | return pkey_ec_derive(ctx, key, keylen); |
253 | 0 | if (!key) { |
254 | 0 | *keylen = dctx->kdf_outlen; |
255 | 0 | return 1; |
256 | 0 | } |
257 | 0 | if (*keylen != dctx->kdf_outlen) |
258 | 0 | return 0; |
259 | 0 | if (!pkey_ec_derive(ctx, NULL, &ktmplen)) |
260 | 0 | return 0; |
261 | 0 | ktmp = OPENSSL_malloc(ktmplen); |
262 | 0 | if (!ktmp) |
263 | 0 | return 0; |
264 | 0 | if (!pkey_ec_derive(ctx, ktmp, &ktmplen)) |
265 | 0 | goto err; |
266 | | /* Do KDF stuff */ |
267 | 0 | if (!ECDH_KDF_X9_62(key, *keylen, ktmp, ktmplen, |
268 | 0 | dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md)) |
269 | 0 | goto err; |
270 | 0 | rv = 1; |
271 | |
|
272 | 0 | err: |
273 | 0 | if (ktmp) { |
274 | 0 | OPENSSL_cleanse(ktmp, ktmplen); |
275 | 0 | OPENSSL_free(ktmp); |
276 | 0 | } |
277 | 0 | return rv; |
278 | 0 | } |
279 | | #endif |
280 | | |
281 | | static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) |
282 | 0 | { |
283 | 0 | EC_PKEY_CTX *dctx = ctx->data; |
284 | 0 | EC_GROUP *group; |
285 | 0 | switch (type) { |
286 | 0 | case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID: |
287 | 0 | group = EC_GROUP_new_by_curve_name(p1); |
288 | 0 | if (group == NULL) { |
289 | 0 | ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_CURVE); |
290 | 0 | return 0; |
291 | 0 | } |
292 | 0 | if (dctx->gen_group) |
293 | 0 | EC_GROUP_free(dctx->gen_group); |
294 | 0 | dctx->gen_group = group; |
295 | 0 | return 1; |
296 | | |
297 | 0 | case EVP_PKEY_CTRL_EC_PARAM_ENC: |
298 | 0 | if (!dctx->gen_group) { |
299 | 0 | ECerr(EC_F_PKEY_EC_CTRL, EC_R_NO_PARAMETERS_SET); |
300 | 0 | return 0; |
301 | 0 | } |
302 | 0 | EC_GROUP_set_asn1_flag(dctx->gen_group, p1); |
303 | 0 | return 1; |
304 | | |
305 | 0 | #ifndef OPENSSL_NO_ECDH |
306 | 0 | case EVP_PKEY_CTRL_EC_ECDH_COFACTOR: |
307 | 0 | if (p1 == -2) { |
308 | 0 | if (dctx->cofactor_mode != -1) |
309 | 0 | return dctx->cofactor_mode; |
310 | 0 | else { |
311 | 0 | EC_KEY *ec_key = ctx->pkey->pkey.ec; |
312 | 0 | return EC_KEY_get_flags(ec_key) & EC_FLAG_COFACTOR_ECDH ? 1 : |
313 | 0 | 0; |
314 | 0 | } |
315 | 0 | } else if (p1 < -1 || p1 > 1) |
316 | 0 | return -2; |
317 | 0 | dctx->cofactor_mode = p1; |
318 | 0 | if (p1 != -1) { |
319 | 0 | EC_KEY *ec_key = ctx->pkey->pkey.ec; |
320 | 0 | if (!ec_key->group) |
321 | 0 | return -2; |
322 | | /* If cofactor is 1 cofactor mode does nothing */ |
323 | 0 | if (BN_is_one(&ec_key->group->cofactor)) |
324 | 0 | return 1; |
325 | 0 | if (!dctx->co_key) { |
326 | 0 | dctx->co_key = EC_KEY_dup(ec_key); |
327 | 0 | if (!dctx->co_key) |
328 | 0 | return 0; |
329 | 0 | } |
330 | 0 | if (p1) |
331 | 0 | EC_KEY_set_flags(dctx->co_key, EC_FLAG_COFACTOR_ECDH); |
332 | 0 | else |
333 | 0 | EC_KEY_clear_flags(dctx->co_key, EC_FLAG_COFACTOR_ECDH); |
334 | 0 | } else if (dctx->co_key) { |
335 | 0 | EC_KEY_free(dctx->co_key); |
336 | 0 | dctx->co_key = NULL; |
337 | 0 | } |
338 | 0 | return 1; |
339 | 0 | #endif |
340 | | |
341 | 0 | case EVP_PKEY_CTRL_EC_KDF_TYPE: |
342 | 0 | if (p1 == -2) |
343 | 0 | return dctx->kdf_type; |
344 | 0 | if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_62) |
345 | 0 | return -2; |
346 | 0 | dctx->kdf_type = p1; |
347 | 0 | return 1; |
348 | | |
349 | 0 | case EVP_PKEY_CTRL_EC_KDF_MD: |
350 | 0 | dctx->kdf_md = p2; |
351 | 0 | return 1; |
352 | | |
353 | 0 | case EVP_PKEY_CTRL_GET_EC_KDF_MD: |
354 | 0 | *(const EVP_MD **)p2 = dctx->kdf_md; |
355 | 0 | return 1; |
356 | | |
357 | 0 | case EVP_PKEY_CTRL_EC_KDF_OUTLEN: |
358 | 0 | if (p1 <= 0) |
359 | 0 | return -2; |
360 | 0 | dctx->kdf_outlen = (size_t)p1; |
361 | 0 | return 1; |
362 | | |
363 | 0 | case EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN: |
364 | 0 | *(int *)p2 = dctx->kdf_outlen; |
365 | 0 | return 1; |
366 | | |
367 | 0 | case EVP_PKEY_CTRL_EC_KDF_UKM: |
368 | 0 | if (dctx->kdf_ukm) |
369 | 0 | OPENSSL_free(dctx->kdf_ukm); |
370 | 0 | dctx->kdf_ukm = p2; |
371 | 0 | if (p2) |
372 | 0 | dctx->kdf_ukmlen = p1; |
373 | 0 | else |
374 | 0 | dctx->kdf_ukmlen = 0; |
375 | 0 | return 1; |
376 | | |
377 | 0 | case EVP_PKEY_CTRL_GET_EC_KDF_UKM: |
378 | 0 | *(unsigned char **)p2 = dctx->kdf_ukm; |
379 | 0 | return dctx->kdf_ukmlen; |
380 | | |
381 | 0 | case EVP_PKEY_CTRL_MD: |
382 | 0 | if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && |
383 | 0 | EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 && |
384 | 0 | EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && |
385 | 0 | EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && |
386 | 0 | EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && |
387 | 0 | EVP_MD_type((const EVP_MD *)p2) != NID_sha512) { |
388 | 0 | ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE); |
389 | 0 | return 0; |
390 | 0 | } |
391 | 0 | dctx->md = p2; |
392 | 0 | return 1; |
393 | | |
394 | 0 | case EVP_PKEY_CTRL_GET_MD: |
395 | 0 | *(const EVP_MD **)p2 = dctx->md; |
396 | 0 | return 1; |
397 | | |
398 | 0 | case EVP_PKEY_CTRL_PEER_KEY: |
399 | | /* Default behaviour is OK */ |
400 | 0 | case EVP_PKEY_CTRL_DIGESTINIT: |
401 | 0 | case EVP_PKEY_CTRL_PKCS7_SIGN: |
402 | 0 | case EVP_PKEY_CTRL_CMS_SIGN: |
403 | 0 | return 1; |
404 | | |
405 | 0 | default: |
406 | 0 | return -2; |
407 | |
|
408 | 0 | } |
409 | 0 | } |
410 | | |
411 | | static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, |
412 | | const char *type, const char *value) |
413 | 0 | { |
414 | 0 | if (!strcmp(type, "ec_paramgen_curve")) { |
415 | 0 | int nid; |
416 | 0 | nid = EC_curve_nist2nid(value); |
417 | 0 | if (nid == NID_undef) |
418 | 0 | nid = OBJ_sn2nid(value); |
419 | 0 | if (nid == NID_undef) |
420 | 0 | nid = OBJ_ln2nid(value); |
421 | 0 | if (nid == NID_undef) { |
422 | 0 | ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE); |
423 | 0 | return 0; |
424 | 0 | } |
425 | 0 | return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid); |
426 | 0 | } else if (!strcmp(type, "ec_param_enc")) { |
427 | 0 | int param_enc; |
428 | 0 | if (!strcmp(value, "explicit")) |
429 | 0 | param_enc = 0; |
430 | 0 | else if (!strcmp(value, "named_curve")) |
431 | 0 | param_enc = OPENSSL_EC_NAMED_CURVE; |
432 | 0 | else |
433 | 0 | return -2; |
434 | 0 | return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc); |
435 | 0 | } else if (!strcmp(type, "ecdh_kdf_md")) { |
436 | 0 | const EVP_MD *md; |
437 | 0 | if (!(md = EVP_get_digestbyname(value))) { |
438 | 0 | ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_DIGEST); |
439 | 0 | return 0; |
440 | 0 | } |
441 | 0 | return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md); |
442 | 0 | } else if (!strcmp(type, "ecdh_cofactor_mode")) { |
443 | 0 | int co_mode; |
444 | 0 | co_mode = atoi(value); |
445 | 0 | return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, co_mode); |
446 | 0 | } |
447 | | |
448 | 0 | return -2; |
449 | 0 | } |
450 | | |
451 | | static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) |
452 | 0 | { |
453 | 0 | EC_KEY *ec = NULL; |
454 | 0 | EC_PKEY_CTX *dctx = ctx->data; |
455 | 0 | int ret = 0; |
456 | 0 | if (dctx->gen_group == NULL) { |
457 | 0 | ECerr(EC_F_PKEY_EC_PARAMGEN, EC_R_NO_PARAMETERS_SET); |
458 | 0 | return 0; |
459 | 0 | } |
460 | 0 | ec = EC_KEY_new(); |
461 | 0 | if (!ec) |
462 | 0 | return 0; |
463 | 0 | ret = EC_KEY_set_group(ec, dctx->gen_group); |
464 | 0 | if (ret) |
465 | 0 | EVP_PKEY_assign_EC_KEY(pkey, ec); |
466 | 0 | else |
467 | 0 | EC_KEY_free(ec); |
468 | 0 | return ret; |
469 | 0 | } |
470 | | |
471 | | static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) |
472 | 0 | { |
473 | 0 | EC_KEY *ec = NULL; |
474 | 0 | EC_PKEY_CTX *dctx = ctx->data; |
475 | 0 | if (ctx->pkey == NULL && dctx->gen_group == NULL) { |
476 | 0 | ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET); |
477 | 0 | return 0; |
478 | 0 | } |
479 | 0 | ec = EC_KEY_new(); |
480 | 0 | if (!ec) |
481 | 0 | return 0; |
482 | 0 | EVP_PKEY_assign_EC_KEY(pkey, ec); |
483 | 0 | if (ctx->pkey) { |
484 | | /* Note: if error return, pkey is freed by parent routine */ |
485 | 0 | if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) |
486 | 0 | return 0; |
487 | 0 | } else { |
488 | 0 | if (!EC_KEY_set_group(ec, dctx->gen_group)) |
489 | 0 | return 0; |
490 | 0 | } |
491 | 0 | return EC_KEY_generate_key(pkey->pkey.ec); |
492 | 0 | } |
493 | | |
494 | | const EVP_PKEY_METHOD ec_pkey_meth = { |
495 | | EVP_PKEY_EC, |
496 | | 0, |
497 | | pkey_ec_init, |
498 | | pkey_ec_copy, |
499 | | pkey_ec_cleanup, |
500 | | |
501 | | 0, |
502 | | pkey_ec_paramgen, |
503 | | |
504 | | 0, |
505 | | pkey_ec_keygen, |
506 | | |
507 | | 0, |
508 | | pkey_ec_sign, |
509 | | |
510 | | 0, |
511 | | pkey_ec_verify, |
512 | | |
513 | | 0, 0, |
514 | | |
515 | | 0, 0, 0, 0, |
516 | | |
517 | | 0, 0, |
518 | | |
519 | | 0, 0, |
520 | | |
521 | | 0, |
522 | | #ifndef OPENSSL_NO_ECDH |
523 | | pkey_ec_kdf_derive, |
524 | | #else |
525 | | 0, |
526 | | #endif |
527 | | |
528 | | pkey_ec_ctrl, |
529 | | pkey_ec_ctrl_str |
530 | | }; |