diff options
38 files changed, 1273 insertions, 1076 deletions
@@ -3,7 +3,7 @@ * Written by Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -89,6 +89,7 @@ int MAIN(int argc, char **argv) #endif int ret = 1; EC_KEY *eckey = NULL; + const EC_GROUP *group; int i, badops = 0; const EVP_CIPHER *enc = NULL; BIO *in = NULL, *out = NULL; @@ -328,14 +329,13 @@ bad: } } + group = EC_KEY_get0_group(eckey); + if (new_form) - { - EC_GROUP_set_point_conversion_form(eckey->group, form); - eckey->conv_form = form; - } + EC_KEY_set_conv_form(eckey, form); if (new_asn1_flag) - EC_GROUP_set_asn1_flag(eckey->group, asn1_flag); + EC_KEY_set_asn1_flag(eckey, asn1_flag); if (text) if (!EC_KEY_print(out, eckey, 0)) @@ -352,7 +352,7 @@ bad: if (outformat == FORMAT_ASN1) { if (param_out) - i = i2d_ECPKParameters_bio(out, eckey->group); + i = i2d_ECPKParameters_bio(out, group); else if (pubin || pubout) i = i2d_EC_PUBKEY_bio(out, eckey); else @@ -361,7 +361,7 @@ bad: else if (outformat == FORMAT_PEM) { if (param_out) - i = PEM_write_bio_ECPKParameters(out, eckey->group); + i = PEM_write_bio_ECPKParameters(out, group); else if (pubin || pubout) i = PEM_write_bio_EC_PUBKEY(out, eckey); else diff --git a/apps/ecparam.c b/apps/ecparam.c index b9786288d9..167fd1faaa 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -3,7 +3,7 @@ * Written by Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -647,11 +647,11 @@ bad: assert(need_rand); - eckey->group = group; + if (EC_KEY_set_group(eckey, group) == 0) + goto end; if (!EC_KEY_generate_key(eckey)) { - eckey->group = NULL; EC_KEY_free(eckey); goto end; } @@ -664,11 +664,9 @@ bad: { BIO_printf(bio_err, "bad output format specified " "for outfile\n"); - eckey->group = NULL; EC_KEY_free(eckey); goto end; } - eckey->group = NULL; EC_KEY_free(eckey); } diff --git a/apps/req.c b/apps/req.c index db70dc2275..764ef2906f 100644 --- a/apps/req.c +++ b/apps/req.c @@ -344,6 +344,7 @@ int MAIN(int argc, char **argv) { X509 *xtmp=NULL; EVP_PKEY *dtmp; + EC_GROUP *group; pkey_type=TYPE_EC; p+=3; @@ -354,10 +355,10 @@ int MAIN(int argc, char **argv) } if ((ec_params = EC_KEY_new()) == NULL) goto end; - if ((ec_params->group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL)) == NULL) + group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL); + if (group == NULL) { - if (ec_params) - EC_KEY_free(ec_params); + EC_KEY_free(ec_params); ERR_clear_error(); (void)BIO_reset(in); if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) @@ -369,7 +370,7 @@ int MAIN(int argc, char **argv) if ((dtmp=X509_get_pubkey(xtmp))==NULL) goto end; if (dtmp->type == EVP_PKEY_EC) - ec_params = ECParameters_dup(dtmp->pkey.eckey); + ec_params = EC_KEY_dup(dtmp->pkey.ec); EVP_PKEY_free(dtmp); X509_free(xtmp); if (ec_params == NULL) @@ -378,12 +379,16 @@ int MAIN(int argc, char **argv) goto end; } } + else + { + if (EC_KEY_set_group(ec_params, group) == 0) + goto end; + EC_GROUP_free(group); + } BIO_free(in); in=NULL; - - newkey = EC_GROUP_get_degree(ec_params->group); - + newkey = EC_GROUP_get_degree(EC_KEY_get0_group(ec_params)); } else #endif diff --git a/apps/s_server.c b/apps/s_server.c index ea19a50bff..59b6305e97 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -981,13 +981,6 @@ bad: { EC_KEY *ecdh=NULL; - ecdh = EC_KEY_new(); - if (ecdh == NULL) - { - BIO_printf(bio_err,"Could not create ECDH struct.\n"); - goto end; - } - if (named_curve) { int nid = OBJ_sn2nid(named_curve); @@ -998,9 +991,8 @@ bad: named_curve); goto end; } - - ecdh->group = EC_GROUP_new_by_curve_name(nid); - if (ecdh->group == NULL) + ecdh = EC_KEY_new_by_curve_name(nid); + if (ecdh == NULL) { BIO_printf(bio_err, "unable to create curve (%s)\n", named_curve); @@ -1008,15 +1000,15 @@ bad: } } - if (ecdh->group != NULL) + if (ecdh != NULL) { BIO_printf(bio_s_out,"Setting temp ECDH parameters\n"); } else { BIO_printf(bio_s_out,"Using default temp ECDH parameters\n"); - ecdh->group=EC_GROUP_new_by_curve_name(NID_sect163r2); - if (ecdh->group == NULL) + ecdh = EC_KEY_new_by_curve_name(NID_sect163r2); + if (ecdh == NULL) { BIO_printf(bio_err, "unable to create curve (sect163r2)\n"); goto end; diff --git a/apps/speed.c b/apps/speed.c index 2ecbb1e9c6..50a110df04 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2040,7 +2040,7 @@ int MAIN(int argc, char **argv) int ret; if (!ecdsa_doit[j]) continue; /* Ignore Curve */ - ecdsa[j] = EC_KEY_new(); + ecdsa[j] = EC_KEY_new_by_curve_name(test_curves[j]); if (ecdsa[j] == NULL) { BIO_printf(bio_err,"ECDSA failure.\n"); @@ -2049,100 +2049,89 @@ int MAIN(int argc, char **argv) } else { - ecdsa[j]->group = EC_GROUP_new_by_curve_name(test_curves[j]); - /* Could not obtain group information */ - if (ecdsa[j]->group == NULL) +#if 1 + EC_KEY_precompute_mult(ecdsa[j], NULL); +#endif + /* Perform ECDSA signature test */ + EC_KEY_generate_key(ecdsa[j]); + ret = ECDSA_sign(0, buf, 20, ecdsasig, + &ecdsasiglen, ecdsa[j]); + if (ret == 0) { - BIO_printf(bio_err,"ECDSA failure.Could not obtain group information\n"); + BIO_printf(bio_err,"ECDSA sign failure. No ECDSA sign will be done.\n"); ERR_print_errors(bio_err); rsa_count=1; } else { -#if 1 - EC_GROUP_precompute_mult(ecdsa[j]->group, NULL); -#endif - /* Perform ECDSA signature test */ - EC_KEY_generate_key(ecdsa[j]); - ret = ECDSA_sign(0, buf, 20, ecdsasig, - &ecdsasiglen, ecdsa[j]); - if (ret == 0) - { - BIO_printf(bio_err,"ECDSA sign failure. No ECDSA sign will be done.\n"); - ERR_print_errors(bio_err); - rsa_count=1; - } - else + pkey_print_message("sign","ecdsa", + ecdsa_c[j][0], + test_curves_bits[j], + ECDSA_SECONDS); + + Time_F(START); + for (count=0,run=1; COND(ecdsa_c[j][0]); + count++) { - pkey_print_message("sign","ecdsa", - ecdsa_c[j][0], - test_curves_bits[j], - ECDSA_SECONDS); - - Time_F(START); - for (count=0,run=1; COND(ecdsa_c[j][0]); - count++) + ret=ECDSA_sign(0, buf, 20, + ecdsasig, &ecdsasiglen, + ecdsa[j]); + if (ret == 0) { - ret=ECDSA_sign(0, buf, 20, - ecdsasig, &ecdsasiglen, - ecdsa[j]); - if (ret == 0) - { - BIO_printf(bio_err, "ECDSA sign failure\n"); - ERR_print_errors(bio_err); - count=1; - break; - } + BIO_printf(bio_err, "ECDSA sign failure\n"); + ERR_print_errors(bio_err); + count=1; + break; } - d=Time_F(STOP); - - BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" : - "%ld %d bit ECDSA signs in %.2fs \n", - count, test_curves_bits[j], d); - ecdsa_results[j][0]=d/(double)count; - rsa_count=count; } + d=Time_F(STOP); - /* Perform ECDSA verification test */ - ret=ECDSA_verify(0, buf, 20, ecdsasig, - ecdsasiglen, ecdsa[j]); - if (ret != 1) - { - BIO_printf(bio_err,"ECDSA verify failure. No ECDSA verify will be done.\n"); - ERR_print_errors(bio_err); - ecdsa_doit[j] = 0; - } - else + BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" : + "%ld %d bit ECDSA signs in %.2fs \n", + count, test_curves_bits[j], d); + ecdsa_results[j][0]=d/(double)count; + rsa_count=count; + } + + /* Perform ECDSA verification test */ + ret=ECDSA_verify(0, buf, 20, ecdsasig, + ecdsasiglen, ecdsa[j]); + if (ret != 1) + { + BIO_printf(bio_err,"ECDSA verify failure. No ECDSA verify will be done.\n"); + ERR_print_errors(bio_err); + ecdsa_doit[j] = 0; + } + else + { + pkey_print_message("verify","ecdsa", + ecdsa_c[j][1], + test_curves_bits[j], + ECDSA_SECONDS); + Time_F(START); + for (count=0,run=1; COND(ecdsa_c[j][1]); count++) { - pkey_print_message("verify","ecdsa", - ecdsa_c[j][1], - test_curves_bits[j], - ECDSA_SECONDS); - Time_F(START); - for (count=0,run=1; COND(ecdsa_c[j][1]); count++) + ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]); + if (ret != 1) { - ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]); - if (ret != 1) - { - BIO_printf(bio_err, "ECDSA verify failure\n"); - ERR_print_errors(bio_err); - count=1; - break; - } + BIO_printf(bio_err, "ECDSA verify failure\n"); + ERR_print_errors(bio_err); + count=1; + break; } - d=Time_F(STOP); - BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n" - : "%ld %d bit ECDSA verify in %.2fs\n", - count, test_curves_bits[j], d); - ecdsa_results[j][1]=d/(double)count; } + d=Time_F(STOP); + BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n" + : "%ld %d bit ECDSA verify in %.2fs\n", + count, test_curves_bits[j], d); + ecdsa_results[j][1]=d/(double)count; + } - if (rsa_count <= 1) - { - /* if longer than 10s, don't do any more */ - for (j++; j<EC_NUM; j++) - ecdsa_doit[j]=0; - } + if (rsa_count <= 1) + { + /* if longer than 10s, don't do any more */ + for (j++; j<EC_NUM; j++) + ecdsa_doit[j]=0; } } } @@ -2158,8 +2147,8 @@ int MAIN(int argc, char **argv) for (j=0; j<EC_NUM; j++) { if (!ecdh_doit[j]) continue; - ecdh_a[j] = EC_KEY_new(); - ecdh_b[j] = EC_KEY_new(); + ecdh_a[j] = EC_KEY_new_by_curve_name(test_curves[j]); + ecdh_b[j] = EC_KEY_new_by_curve_name(test_curves[j]); if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL)) { BIO_printf(bio_err,"ECDH failure.\n"); @@ -2168,90 +2157,79 @@ int MAIN(int argc, char **argv) } else { - ecdh_a[j]->group = EC_GROUP_new_by_curve_name(test_curves[j]); - if (ecdh_a[j]->group == NULL) + /* generate two ECDH key pairs */ + if (!EC_KEY_generate_key(ecdh_a[j]) || + !EC_KEY_generate_key(ecdh_b[j])) { - BIO_printf(bio_err,"ECDH failure.\n"); + BIO_printf(bio_err,"ECDH key generation failure.\n"); ERR_print_errors(bio_err); - rsa_count=1; + rsa_count=1; } else { - ecdh_b[j]->group = EC_GROUP_dup(ecdh_a[j]->group); - - /* generate two ECDH key pairs */ - if (!EC_KEY_generate_key(ecdh_a[j]) || - !EC_KEY_generate_key(ecdh_b[j])) + /* If field size is not more than 24 octets, then use SHA-1 hash of result; + * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt). + */ + int field_size, outlen; + void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen); + field_size = EC_GROUP_get_degree(EC_KEY_get0_group(ecdh_a[j])); + if (field_size <= 24 * 8) { - BIO_printf(bio_err,"ECDH key generation failure.\n"); - ERR_print_errors(bio_err); - rsa_count=1; + outlen = KDF1_SHA1_len; + kdf = KDF1_SHA1; } else { - /* If field size is not more than 24 octets, then use SHA-1 hash of result; - * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt). - */ - int field_size, outlen; - void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen); - field_size = EC_GROUP_get_degree(ecdh_a[j]->group); - if (field_size <= 24 * 8) - { - outlen = KDF1_SHA1_len; - kdf = KDF1_SHA1; - } - else - { - outlen = (field_size+7)/8; - kdf = NULL; - } - secret_size_a = ECDH_compute_key(secret_a, outlen, - ecdh_b[j]->pub_key, - ecdh_a[j], kdf); - secret_size_b = ECDH_compute_key(secret_b, outlen, - ecdh_a[j]->pub_key, - ecdh_b[j], kdf); - if (secret_size_a != secret_size_b) - ecdh_checks = 0; - else - ecdh_checks = 1; - - for (secret_idx = 0; - (secret_idx < secret_size_a) - && (ecdh_checks == 1); - secret_idx++) - { - if (secret_a[secret_idx] != secret_b[secret_idx]) - ecdh_checks = 0; - } + outlen = (field_size+7)/8; + kdf = NULL; + } + secret_size_a = ECDH_compute_key(secret_a, outlen, + EC_KEY_get0_public_key(ecdh_b[j]), + ecdh_a[j], kdf); + secret_size_b = ECDH_compute_key(secret_b, outlen, + EC_KEY_get0_public_key(ecdh_a[j]), + ecdh_b[j], kdf); + if (secret_size_a != secret_size_b) + ecdh_checks = 0; + else + ecdh_checks = 1; - if (ecdh_checks == 0) - { - BIO_printf(bio_err,"ECDH computations don't match.\n"); - ERR_print_errors(bio_err); - rsa_count=1; - } + for (secret_idx = 0; + (secret_idx < secret_size_a) + && (ecdh_checks == 1); + secret_idx++) + { + if (secret_a[secret_idx] != secret_b[secret_idx]) + ecdh_checks = 0; + } - pkey_print_message("","ecdh", - ecdh_c[j][0], - test_curves_bits[j], - ECDH_SECONDS); - Time_F(START); - for (count=0,run=1; COND(ecdh_c[j][0]); count++) - { - ECDH_compute_key(secret_a, outlen, - ecdh_b[j]->pub_key, - ecdh_a[j], kdf); - } - d=Time_F(STOP); - BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n", - count, test_curves_bits[j], d); - ecdh_results[j][0]=d/(double)count; - rsa_count=count; + if (ecdh_checks == 0) + { + BIO_printf(bio_err,"ECDH computations don't match.\n"); + ERR_print_errors(bio_err); + rsa_count=1; } + + pkey_print_message("","ecdh", + ecdh_c[j][0], + test_curves_bits[j], + ECDH_SECONDS); + Time_F(START); + for (count=0,run=1; COND(ecdh_c[j][0]); count++) + { + ECDH_compute_key(secret_a, outlen, + EC_KEY_get0_public_key(ecdh_b[j]), + ecdh_a[j], kdf); + } + d=Time_F(STOP); + BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n", + count, test_curves_bits[j], d); + ecdh_results[j][0]=d/(double)count; + rsa_count=count; } } + if (rsa_count <= 1) { /* if longer than 10s, don't do any more */ diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index 5f30585142..207ccda5ac 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -113,7 +113,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, #endif #ifndef OPENSSL_NO_EC case EVP_PKEY_EC: - if ((ret->pkey.eckey = d2i_ECPrivateKey(NULL, + if ((ret->pkey.ec = d2i_ECPrivateKey(NULL, (const unsigned char **)pp, length)) == NULL) { ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c index 8a05810eda..3694f51a8c 100644 --- a/crypto/asn1/d2i_pu.c +++ b/crypto/asn1/d2i_pu.c @@ -113,7 +113,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, #endif #ifndef OPENSSL_NO_EC case EVP_PKEY_EC: - if (!o2i_ECPublicKey(&(ret->pkey.eckey), + if (!o2i_ECPublicKey(&(ret->pkey.ec), (const unsigned char **)pp, length)) { ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); diff --git a/crypto/asn1/i2d_pr.c b/crypto/asn1/i2d_pr.c index bbf2a0d2d6..0be52c5b76 100644 --- a/crypto/asn1/i2d_pr.c +++ b/crypto/asn1/i2d_pr.c @@ -89,7 +89,7 @@ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) #ifndef OPENSSL_NO_EC if (a->type == EVP_PKEY_EC) { - return(i2d_ECPrivateKey(a->pkey.eckey, pp)); + return(i2d_ECPrivateKey(a->pkey.ec, pp)); } #endif diff --git a/crypto/asn1/i2d_pu.c b/crypto/asn1/i2d_pu.c index 44f186442e..34286dbd35 100644 --- a/crypto/asn1/i2d_pu.c +++ b/crypto/asn1/i2d_pu.c @@ -85,7 +85,7 @@ int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) #endif #ifndef OPENSSL_NO_EC case EVP_PKEY_EC: - return(i2o_ECPublicKey(a->pkey.eckey, pp)); + return(i2o_ECPublicKey(a->pkey.ec, pp)); #endif default: ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c index 687a2bd6f5..7dd4ae3787 100644 --- a/crypto/asn1/t_pkey.c +++ b/crypto/asn1/t_pkey.c @@ -79,7 +79,7 @@ #include <openssl/ec.h> #endif -static int print(BIO *fp,const char *str,BIGNUM *num, +static int print(BIO *fp,const char *str, const BIGNUM *num, unsigned char *buf,int off); static int print_bin(BIO *fp, const char *str, const unsigned char *num, size_t len, int off); @@ -279,7 +279,7 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) size_t buf_len=0, i; int ret=0, reason=ERR_R_BIO_LIB; BN_CTX *ctx=NULL; - EC_POINT *point=NULL; + const EC_POINT *point=NULL; BIGNUM *p=NULL, *a=NULL, *b=NULL, *gen=NULL, *order=NULL, *cofactor=NULL; const unsigned char *seed; @@ -481,24 +481,29 @@ int EC_KEY_print(BIO *bp, const EC_KEY *x, int off) int ret=0, reason=ERR_R_BIO_LIB; BIGNUM *pub_key=NULL, *order=NULL; BN_CTX *ctx=NULL; + const EC_GROUP *group; + const EC_POINT *public_key; + const BIGNUM *priv_key; - if (!x || !x->group) + if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) { reason = ERR_R_PASSED_NULL_PARAMETER; goto err; } - if ((pub_key = EC_POINT_point2bn(x->group, x->pub_key, - x->conv_form, NULL, ctx)) == NULL) + public_key = EC_KEY_get0_public_key(x); + if ((pub_key = EC_POINT_point2bn(group, public_key, + EC_KEY_get_conv_form(x), NULL, ctx)) == NULL) { reason = ERR_R_EC_LIB; goto err; } buf_len = (size_t)BN_num_bytes(pub_key); - if (x->priv_key) + priv_key = EC_KEY_get0_private_key(x); + if (priv_key != NULL) { - if ((i = (size_t)BN_num_bytes(x->priv_key)) > buf_len) + if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len) buf_len = i; } @@ -509,25 +514,25 @@ int EC_KEY_print(BIO *bp, const EC_KEY *x, int off) goto err; } - if (x->priv_key != NULL) + if (priv_key != NULL) { if (!BIO_indent(bp, off, 128)) goto err; if ((order = BN_new()) == NULL) goto err; - if (!EC_GROUP_get_order(x->group, order, NULL)) + if (!EC_GROUP_get_order(group, order, NULL)) goto err; if (BIO_printf(bp, "Private-Key: (%d bit)\n", BN_num_bits(order)) <= 0) goto err; } - if ((x->priv_key != NULL) && !print(bp, "priv:", x->priv_key, + if ((priv_key != NULL) && !print(bp, "priv:", priv_key, buffer, off)) goto err; if ((pub_key != NULL) && !print(bp, "pub: ", pub_key, buffer, off)) goto err; - if (!ECPKParameters_print(bp, x->group, off)) + if (!ECPKParameters_print(bp, group, off)) goto err; ret=1; err: @@ -545,7 +550,7 @@ err: } #endif /* OPENSSL_NO_EC */ -static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf, +static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf, int off) { int n,i; @@ -770,8 +775,9 @@ int ECParameters_print(BIO *bp, const EC_KEY *x) { int reason=ERR_R_EC_LIB, ret=0; BIGNUM *order=NULL; + const EC_GROUP *group; - if (!x || !x->group) + if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) { reason = ERR_R_PASSED_NULL_PARAMETER;; goto err; @@ -783,7 +789,7 @@ int ECParameters_print(BIO *bp, const EC_KEY *x) goto err; } - if (!EC_GROUP_get_order(x->group, order, NULL)) + if (!EC_GROUP_get_order(group, order, NULL)) { reason = ERR_R_EC_LIB; goto err; @@ -792,7 +798,7 @@ int ECParameters_print(BIO *bp, const EC_KEY *x) if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", BN_num_bits(order)) <= 0) goto err; - if (!ECPKParameters_print(bp, x->group, 4)) + if (!ECPKParameters_print(bp, group, 4)) goto err; ret=1; err: diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c index 4056cf6ea4..204ca105e3 100644 --- a/crypto/asn1/t_req.c +++ b/crypto/asn1/t_req.c @@ -166,7 +166,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long if (pkey->type == EVP_PKEY_EC) { BIO_printf(bp, "%12sEC Public Key: \n",""); - EC_KEY_print(bp, pkey->pkey.eckey, 16); + EC_KEY_print(bp, pkey->pkey.ec, 16); } else #endif diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c index e84bae6438..23ab3b94e0 100644 --- a/crypto/asn1/t_spki.c +++ b/crypto/asn1/t_spki.c @@ -100,7 +100,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) if (pkey->type == EVP_PKEY_EC) { BIO_printf(out, " EC Public Key:\n"); - EC_KEY_print(out, pkey->pkey.eckey,2); + EC_KEY_print(out, pkey->pkey.ec,2); } else #endif diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 4bf5c893e7..61f48d14d7 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -236,7 +236,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) if (pkey->type == EVP_PKEY_EC) { BIO_printf(bp, "%12sEC Public Key:\n",""); - EC_KEY_print(bp, pkey->pkey.eckey, 16); + EC_KEY_print(bp, pkey->pkey.ec, 16); } else #endif diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index c371e4c4cd..50faa4af20 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -159,9 +159,10 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) { int nid=0; unsigned char *pp; - EC_KEY *eckey; + EC_KEY *ec_key; + const EC_GROUP *group; - eckey = pkey->pkey.eckey; + ec_key = pkey->pkey.ec; ASN1_TYPE_free(a->parameter); if ((a->parameter = ASN1_TYPE_new()) == NULL) @@ -170,8 +171,9 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) goto err; } - if (EC_GROUP_get_asn1_flag(eckey->group) - && (nid = EC_GROUP_get_curve_name(eckey->group))) + group = EC_KEY_get0_group(ec_key); + if (EC_GROUP_get_asn1_flag(group) + && (nid = EC_GROUP_get_curve_name(group))) { /* just set the OID */ a->parameter->type = V_ASN1_OBJECT; @@ -179,7 +181,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) } else /* explicit parameters */ { - if ((i = i2d_ECParameters(eckey, NULL)) == 0) + if ((i = i2d_ECParameters(ec_key, NULL)) == 0) { X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); goto err; @@ -190,7 +192,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) goto err; } pp = p; - if (!i2d_ECParameters(eckey, &pp)) + if (!i2d_ECParameters(ec_key, &pp)) { X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); OPENSSL_free(p); @@ -313,7 +315,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) /* type == V_ASN1_SEQUENCE => we have explicit parameters * (e.g. parameters in the X9_62_EC_PARAMETERS-structure ) */ - if ((ret->pkey.eckey= EC_KEY_new()) == NULL) + if ((ret->pkey.ec= EC_KEY_new()) == NULL) { X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); @@ -321,7 +323,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) } cp = p = a->parameter->value.sequence->data; j = a->parameter->value.sequence->length; - if (!d2i_ECParameters(&ret->pkey.eckey, &cp, (long)j)) + if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j)) { X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB); goto err; @@ -332,17 +334,21 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) /* type == V_ASN1_OBJECT =& |