X-Git-Url: http://wagner.pp.ru/gitweb/?a=blobdiff_plain;f=gost_ameth.c;h=d53b89e89d577eab679b7602ec7e0d5158e21f76;hb=28314b3bcf3f6111a51b42c0168eaa30a938a40d;hp=66f89a562bc8cd834d277429e71a6db3a5691cb3;hpb=cf50e3aee85c81690a541314541b0a31149004e9;p=openssl-gost%2Fengine.git diff --git a/gost_ameth.c b/gost_ameth.c index 66f89a5..d53b89e 100644 --- a/gost_ameth.c +++ b/gost_ameth.c @@ -19,6 +19,8 @@ #include "gost_lcl.h" #include "e_gost_err.h" +#define PK_WRAP_PARAM "LEGACY_PK_WRAP" + /* * Pack bignum into byte buffer of given size, filling all leading bytes by * zeros @@ -179,7 +181,7 @@ static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv) if (!EC_KEY_set_private_key(ec, priv)) return 0; if (!EVP_PKEY_missing_parameters(pkey)) - gost_ec_compute_public(ec); + return gost_ec_compute_public(ec); break; } default: @@ -415,10 +417,11 @@ static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk) { ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk)); ASN1_STRING *params = encode_gost_algor_params(pk); - unsigned char /**priv_buf = NULL,*/ *buf = NULL; - int key_len = pkey_bits_gost(pk), /*priv_len = 0,*/ i = 0; + unsigned char *buf = NULL; + int key_len = pkey_bits_gost(pk), i = 0; + /* unmasked private key */ + const char *pk_format = get_gost_engine_param(GOST_PARAM_PK_FORMAT); - /*ASN1_STRING *octet = NULL;*/ if (!params) { return 0; } @@ -440,18 +443,23 @@ static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk) buf[key_len - 1 - i] = tmp; } -/* - octet = ASN1_STRING_new(); - ASN1_OCTET_STRING_set(octet, buf, key_len); + if(pk_format != NULL && strcmp(pk_format, PK_WRAP_PARAM) == 0) { + ASN1_STRING *octet = NULL; + int priv_len = 0; + unsigned char *priv_buf = NULL; - priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf); - ASN1_STRING_free(octet); - OPENSSL_free(buf); + octet = ASN1_STRING_new(); + ASN1_OCTET_STRING_set(octet, buf, key_len); + priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf); + ASN1_STRING_free(octet); + OPENSSL_free(buf); + + return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params, + priv_buf, priv_len); + } return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params, - priv_buf, priv_len); */ - return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params, - buf, key_len); + buf, key_len); } /* --------- printing keys --------------------------------*/ @@ -641,11 +649,11 @@ static int pub_decode_gost_ec(EVP_PKEY *pk, X509_PUBKEY *pub) const unsigned char *pubkey_buf = NULL; unsigned char *databuf; ASN1_OBJECT *palgobj = NULL; - int pub_len, i, j; + int pub_len; EC_POINT *pub_key; BIGNUM *X, *Y; ASN1_OCTET_STRING *octet = NULL; - int len; + size_t len; const EC_GROUP *group; if (!X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub)) @@ -665,9 +673,8 @@ static int pub_decode_gost_ec(EVP_PKEY *pk, X509_PUBKEY *pub) ASN1_OCTET_STRING_free(octet); return 0; } - for (i = 0, j = octet->length - 1; i < octet->length; i++, j--) { - databuf[j] = octet->data[i]; - } + + BUF_reverse(databuf, octet->data, octet->length); len = octet->length / 2; ASN1_OCTET_STRING_free(octet); @@ -699,8 +706,8 @@ static int pub_encode_gost_ec(X509_PUBKEY *pub, const EVP_PKEY *pk) ASN1_OBJECT *algobj = NULL; ASN1_OCTET_STRING *octet = NULL; void *pval = NULL; - unsigned char *buf = NULL, *databuf = NULL, *sptr; - int i, j, data_len, ret = -1; + unsigned char *buf = NULL, *databuf = NULL; + int data_len, ret = -1; const EC_POINT *pub_key; BIGNUM *X = NULL, *Y = NULL, *order = NULL; const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk); @@ -735,12 +742,11 @@ static int pub_encode_gost_ec(X509_PUBKEY *pub, const EVP_PKEY *pk) goto err; } data_len = 2 * BN_num_bytes(order); - databuf = OPENSSL_malloc(data_len); + databuf = OPENSSL_zalloc(data_len); if (databuf == NULL) { GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE); goto err; } - memset(databuf, 0, data_len); store_bignum(X, databuf + data_len / 2, data_len / 2); store_bignum(Y, databuf, data_len / 2);