break;
case NID_id_GostR3410_2012_512:
pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr));
+ switch (pkey_param_nid) {
+ case NID_id_tc26_gost_3410_2012_512_paramSetTest:
+ case NID_id_tc26_gost_3410_2012_512_paramSetA:
+ case NID_id_tc26_gost_3410_2012_512_paramSetB:
+ gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_2012_512);
+ }
break;
case NID_id_GostR3410_2001:
pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr));
const EC_KEY *key_ptr = (pk) ? EVP_PKEY_get0(pk) : NULL;
const EC_GROUP *group = (key_ptr) ? EC_KEY_get0_group(key_ptr) : NULL;
- pknum_masked = hashsum2bn(buf, len);
+ pknum_masked = BN_lebin2bn(buf, len, BN_secure_new());
if (!pknum_masked)
return NULL;
}
for (; p != buf; p -= len) {
- BIGNUM *mask = hashsum2bn(p, len);
- BN_CTX *ctx = BN_CTX_new();
+ BIGNUM *mask = BN_lebin2bn(p, len, BN_secure_new());
+ BN_CTX *ctx = BN_CTX_secure_new();
BN_mod_mul(pknum_masked, pknum_masked, mask, q, ctx);
GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
return 0;
}
- pk_num = hashsum2bn(s->data, s->length);
+ pk_num = BN_lebin2bn(s->data, s->length, BN_secure_new());
ASN1_STRING_free(s);
} else if (V_ASN1_INTEGER == *p) {
priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len);
GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
return 0;
}
- pk_num = ASN1_INTEGER_to_BN(priv_key, NULL);
+ pk_num = ASN1_INTEGER_to_BN(priv_key, BN_secure_new());
ASN1_INTEGER_free(priv_key);
} else if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == *p) {
- MASKED_GOST_KEY *mgk = NULL;
- mgk = d2i_MASKED_GOST_KEY(NULL, &p, priv_len);
+ MASKED_GOST_KEY *mgk = d2i_MASKED_GOST_KEY(NULL, &p, priv_len);
if (!mgk) {
GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
const char *pk_format = get_gost_engine_param(GOST_PARAM_PK_FORMAT);
key_len = (key_len < 0) ? 0 : key_len / 8;
- if (key_len == 0 || !(buf = OPENSSL_malloc(key_len))) {
+ if (key_len == 0 || !(buf = OPENSSL_secure_malloc(key_len))) {
return 0;
}
if (!store_bignum(gost_get0_priv_key(pk), buf, key_len)) {
- OPENSSL_free(buf);
+ OPENSSL_secure_free(buf);
return 0;
}
params = encode_gost_algor_params(pk);
if (!params) {
- OPENSSL_free(buf);
+ OPENSSL_secure_free(buf);
return 0;
}
}
if (pk_format != NULL && strcmp(pk_format, PK_WRAP_PARAM) == 0) {
- ASN1_STRING *octet = NULL;
+ ASN1_STRING *octet = ASN1_STRING_new();
int priv_len = 0;
unsigned char *priv_buf = NULL;
- octet = ASN1_STRING_new();
if (!octet || !ASN1_OCTET_STRING_set(octet, buf, key_len)) {
ASN1_STRING_free(octet);
ASN1_STRING_free(params);
- OPENSSL_free(buf);
+ OPENSSL_secure_free(buf);
return 0;
}
priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf);
ASN1_STRING_free(octet);
- OPENSSL_free(buf);
+ OPENSSL_secure_free(buf);
return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
priv_buf, priv_len);
static int pub_encode_gost_ec(X509_PUBKEY *pub, const EVP_PKEY *pk)
{
- ASN1_OBJECT *algobj = NULL;
+ ASN1_OBJECT *algobj;
ASN1_OCTET_STRING *octet = NULL;
- void *pval = NULL;
+ void *pval;
unsigned char *buf = NULL, *databuf = NULL;
int data_len, ret = -1;
const EC_POINT *pub_key;
- BIGNUM *X = NULL, *Y = NULL, *order = NULL;
+ BIGNUM *X = NULL, *Y = NULL, *order;
const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
int ptype = V_ASN1_SEQUENCE;
ASN1_STRING *params;
projects / openssl-gost / engine.git / blobdiff