X-Git-Url: http://wagner.pp.ru/gitweb/?a=blobdiff_plain;f=gost_ameth.c;h=f13b4ed8a544a6ab21b4d7262fc6952d5ea53fce;hb=6c625485700a7c883066ab76b5e07c7464611636;hp=7fe05c8d81b0f9e4083ac60b2ba80564dbd90042;hpb=d47b346150868622f42178994fc26f799a80410a;p=openssl-gost%2Fengine.git diff --git a/gost_ameth.c b/gost_ameth.c index 7fe05c8..f13b4ed 100644 --- a/gost_ameth.c +++ b/gost_ameth.c @@ -310,7 +310,7 @@ static BIGNUM *unmask_priv_key(EVP_PKEY *pk, const EC_KEY *key_ptr = (pk) ? EVP_PKEY_get0(pk) : NULL; const EC_GROUP *group = (key_ptr) ? EC_KEY_get0_group(key_ptr) : NULL; - pknum_masked = hashsum2bn(buf, len); + pknum_masked = BN_lebin2bn(buf, len, BN_secure_new()); if (!pknum_masked) return NULL; @@ -328,8 +328,8 @@ static BIGNUM *unmask_priv_key(EVP_PKEY *pk, } for (; p != buf; p -= len) { - BIGNUM *mask = hashsum2bn(p, len); - BN_CTX *ctx = BN_CTX_new(); + BIGNUM *mask = BN_lebin2bn(p, len, BN_secure_new()); + BN_CTX *ctx = BN_CTX_secure_new(); BN_mod_mul(pknum_masked, pknum_masked, mask, q, ctx); @@ -381,7 +381,7 @@ static int priv_decode_gost(EVP_PKEY *pk, GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR); return 0; } - pk_num = hashsum2bn(s->data, s->length); + pk_num = BN_lebin2bn(s->data, s->length, BN_secure_new()); ASN1_STRING_free(s); } else if (V_ASN1_INTEGER == *p) { priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len); @@ -389,11 +389,10 @@ static int priv_decode_gost(EVP_PKEY *pk, GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR); return 0; } - pk_num = ASN1_INTEGER_to_BN(priv_key, NULL); + pk_num = ASN1_INTEGER_to_BN(priv_key, BN_secure_new()); ASN1_INTEGER_free(priv_key); } else if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == *p) { - MASKED_GOST_KEY *mgk = NULL; - mgk = d2i_MASKED_GOST_KEY(NULL, &p, priv_len); + MASKED_GOST_KEY *mgk = d2i_MASKED_GOST_KEY(NULL, &p, priv_len); if (!mgk) { GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR); @@ -437,18 +436,18 @@ static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk) const char *pk_format = get_gost_engine_param(GOST_PARAM_PK_FORMAT); key_len = (key_len < 0) ? 0 : key_len / 8; - if (key_len == 0 || !(buf = OPENSSL_malloc(key_len))) { + if (key_len == 0 || !(buf = OPENSSL_secure_malloc(key_len))) { return 0; } if (!store_bignum(gost_get0_priv_key(pk), buf, key_len)) { - OPENSSL_free(buf); + OPENSSL_secure_free(buf); return 0; } params = encode_gost_algor_params(pk); if (!params) { - OPENSSL_free(buf); + OPENSSL_secure_free(buf); return 0; } @@ -460,19 +459,18 @@ static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk) } if (pk_format != NULL && strcmp(pk_format, PK_WRAP_PARAM) == 0) { - ASN1_STRING *octet = NULL; + ASN1_STRING *octet = ASN1_STRING_new(); int priv_len = 0; unsigned char *priv_buf = NULL; - octet = ASN1_STRING_new(); if (!octet || !ASN1_OCTET_STRING_set(octet, buf, key_len)) { ASN1_STRING_free(octet); ASN1_STRING_free(params); - OPENSSL_free(buf); + OPENSSL_secure_free(buf); return 0; } priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf); ASN1_STRING_free(octet); - OPENSSL_free(buf); + OPENSSL_secure_free(buf); return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params, priv_buf, priv_len); @@ -723,13 +721,13 @@ static int pub_decode_gost_ec(EVP_PKEY *pk, X509_PUBKEY *pub) static int pub_encode_gost_ec(X509_PUBKEY *pub, const EVP_PKEY *pk) { - ASN1_OBJECT *algobj = NULL; + ASN1_OBJECT *algobj; ASN1_OCTET_STRING *octet = NULL; - void *pval = NULL; + void *pval; unsigned char *buf = NULL, *databuf = NULL; int data_len, ret = -1; const EC_POINT *pub_key; - BIGNUM *X = NULL, *Y = NULL, *order = NULL; + BIGNUM *X = NULL, *Y = NULL, *order; const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk); int ptype = V_ASN1_SEQUENCE; ASN1_STRING *params;