X-Git-Url: http://www.wagner.pp.ru/gitweb/?a=blobdiff_plain;f=gost_ameth.c;h=8e02a15c27b3c663274b8a81853164716e586a54;hb=HEAD;hp=5e20f1e21c7cedf31f7f8c19cf95377095d22b9f;hpb=eb01b80247de3fa3848d58d7f2816aff8f396630;p=openssl-gost%2Fengine.git diff --git a/gost_ameth.c b/gost_ameth.c index 5e20f1e..8e02a15 100644 --- a/gost_ameth.c +++ b/gost_ameth.c @@ -21,13 +21,6 @@ #define PK_WRAP_PARAM "LEGACY_PK_WRAP" -#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) -/* some functions have const'ed arguments since openssl-1.1.0 */ -# define OPENSSL110_const const -#else -# define OPENSSL110_const -#endif - /* * Pack bignum into byte buffer of given size, filling all leading bytes by * zeros @@ -50,6 +43,7 @@ static int pkey_bits_gost(const EVP_PKEY *pk) switch (EVP_PKEY_base_id(pk)) { case NID_id_GostR3410_2001: + case NID_id_GostR3410_2001DH: case NID_id_GostR3410_2012_256: return 256; case NID_id_GostR3410_2012_512: @@ -74,13 +68,27 @@ static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key) switch (EVP_PKEY_base_id(key)) { case NID_id_GostR3410_2012_256: pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr)); - gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_2012_256); + switch (pkey_param_nid) { + case NID_id_GostR3410_2001_TestParamSet: + case NID_id_GostR3410_2001_CryptoPro_A_ParamSet: + case NID_id_GostR3410_2001_CryptoPro_B_ParamSet: + case NID_id_GostR3410_2001_CryptoPro_C_ParamSet: + case NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet: + case NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet: + gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_2012_256); + } break; case NID_id_GostR3410_2012_512: pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr)); - gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_2012_512); + switch (pkey_param_nid) { + case NID_id_tc26_gost_3410_2012_512_paramSetTest: + case NID_id_tc26_gost_3410_2012_512_paramSetA: + case NID_id_tc26_gost_3410_2012_512_paramSetB: + gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_2012_512); + } break; case NID_id_GostR3410_2001: + case NID_id_GostR3410_2001DH: pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr)); gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet); break; @@ -121,6 +129,7 @@ static int gost_decode_nid_params(EVP_PKEY *pkey, int pkey_nid, int param_nid) case NID_id_GostR3410_2012_256: case NID_id_GostR3410_2012_512: case NID_id_GostR3410_2001: + case NID_id_GostR3410_2001DH: if (!key_ptr) { key_ptr = EC_KEY_new(); if (!EVP_PKEY_assign(pkey, pkey_nid, key_ptr)) { @@ -138,9 +147,10 @@ static int gost_decode_nid_params(EVP_PKEY *pkey, int pkey_nid, int param_nid) * Parses GOST algorithm parameters from X509_ALGOR and modifies pkey setting * NID and parameters */ -static int decode_gost_algor_params(EVP_PKEY *pkey, OPENSSL110_const X509_ALGOR *palg) +static int decode_gost_algor_params(EVP_PKEY *pkey, + const X509_ALGOR *palg) { - OPENSSL110_const ASN1_OBJECT *palg_obj = NULL; + const ASN1_OBJECT *palg_obj = NULL; int ptype = V_ASN1_UNDEF; int pkey_nid = NID_undef, param_nid = NID_undef; ASN1_STRING *pval = NULL; @@ -149,7 +159,7 @@ static int decode_gost_algor_params(EVP_PKEY *pkey, OPENSSL110_const X509_ALGOR if (!pkey || !palg) return 0; - X509_ALGOR_get0(&palg_obj, &ptype, (OPENSSL110_const void **)&pval, palg); + X509_ALGOR_get0(&palg_obj, &ptype, (const void **)&pval, palg); if (ptype != V_ASN1_SEQUENCE) { GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS, GOST_R_BAD_KEY_PARAMETERS_FORMAT); @@ -179,6 +189,7 @@ static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv) case NID_id_GostR3410_2012_512: case NID_id_GostR3410_2012_256: case NID_id_GostR3410_2001: + case NID_id_GostR3410_2001DH: { EC_KEY *ec = EVP_PKEY_get0(pkey); if (!ec) { @@ -203,6 +214,7 @@ BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey) case NID_id_GostR3410_2012_512: case NID_id_GostR3410_2012_256: case NID_id_GostR3410_2001: + case NID_id_GostR3410_2001DH: { EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey); if (ec) @@ -213,6 +225,191 @@ BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey) return NULL; } +/* + * GOST CMS processing functions + */ +/* FIXME reaarange declarations */ +static int pub_decode_gost_ec(EVP_PKEY *pk, const X509_PUBKEY *pub); + +static int gost_cms_set_kari_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) +{ + int ret = 0; + X509_ALGOR *alg; + ASN1_OCTET_STRING *ukm; + + /* Deal with originator */ + X509_ALGOR *pubalg = NULL; + ASN1_BIT_STRING *pubkey = NULL; + + EVP_PKEY *peer_key = NULL; + X509_PUBKEY *tmp = NULL; + + int nid; + unsigned char shared_key[64]; + size_t shared_key_size = 64; + const EVP_CIPHER *cipher = NULL; + + if (CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm) == 0) + goto err; + + if (CMS_RecipientInfo_kari_get0_orig_id(ri, &pubalg, &pubkey, NULL, NULL, NULL) == 0) + goto err; + + nid = OBJ_obj2nid(alg->algorithm); + if (alg->parameter->type != V_ASN1_SEQUENCE) + goto err; + + switch (nid) { + case NID_kuznyechik_kexp15: + case NID_magma_kexp15: + cipher = EVP_get_cipherbynid(nid); + break; + } + + if (cipher == NULL) { + GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, GOST_R_CIPHER_NOT_FOUND); + goto err; + } + + if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_SET_IV, + ASN1_STRING_length(ukm), (void *)ASN1_STRING_get0_data(ukm)) <= 0) + goto err; + + if (pubkey != NULL && pubalg != NULL) { + const ASN1_OBJECT *paobj = NULL; + int ptype = 0; + const void *param = NULL; + + peer_key = EVP_PKEY_new(); + tmp = X509_PUBKEY_new(); + + if ((peer_key == NULL) || (tmp == NULL)) { + GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, ERR_R_MALLOC_FAILURE); + goto err; + } + + X509_ALGOR_get0(&paobj, &ptype, ¶m, pubalg); + + if (X509_PUBKEY_set0_param(tmp, (ASN1_OBJECT *)paobj, + ptype, (void *)param, + (unsigned char *)ASN1_STRING_get0_data(pubkey), + ASN1_STRING_length(pubkey) ) == 0) { + GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, GOST_R_PUBLIC_KEY_UNDEFINED); + goto err; + } + + if (pub_decode_gost_ec(peer_key, tmp) <= 0) { + GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, GOST_R_ERROR_DECODING_PUBLIC_KEY); + goto err; + } + + if (EVP_PKEY_derive_set_peer(pctx, peer_key) <= 0) { + GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, GOST_R_ERROR_SETTING_PEER_KEY); + goto err; + } + } + + if (EVP_PKEY_derive(pctx, shared_key, &shared_key_size) <= 0) { + GOSTerr(GOST_F_GOST_CMS_SET_KARI_SHARED_INFO, GOST_R_ERROR_COMPUTING_SHARED_KEY); + goto err; + } + + EVP_CIPHER_CTX_set_flags(CMS_RecipientInfo_kari_get0_ctx(ri), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); + if (EVP_DecryptInit_ex(CMS_RecipientInfo_kari_get0_ctx(ri), cipher, NULL, + shared_key, ukm->data+24) == 0) + goto err; + + ret = 1; +err: + EVP_PKEY_free(peer_key); + if (ret == 0) { + X509_PUBKEY_free(tmp); + } + + return ret; +} + +static int gost_cms_set_ktri_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) +{ + X509_ALGOR *alg; + struct gost_pmeth_data *gctx = EVP_PKEY_CTX_get_data(pctx); + + CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg); + + switch (OBJ_obj2nid(alg->algorithm)) { + case NID_kuznyechik_kexp15: + gctx->cipher_nid = NID_kuznyechik_ctr; + break; + + case NID_magma_kexp15: + gctx->cipher_nid = NID_magma_ctr; + break; + + case NID_id_GostR3410_2001: + case NID_id_GostR3410_2001DH: + case NID_id_GostR3410_2012_256: + case NID_id_GostR3410_2012_512: + gctx->cipher_nid = NID_id_Gost28147_89; + break; + + default: + GOSTerr(GOST_F_GOST_CMS_SET_KTRI_SHARED_INFO, GOST_R_UNSUPPORTED_RECIPIENT_INFO); + return 0; + } + + return 1; +} + +static int gost_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) +{ + switch(CMS_RecipientInfo_type(ri)) { + case CMS_RECIPINFO_AGREE: + return gost_cms_set_kari_shared_info(pctx, ri); + break; + case CMS_RECIPINFO_TRANS: + return gost_cms_set_ktri_shared_info(pctx, ri); + break; + } + + GOSTerr(GOST_F_GOST_CMS_SET_SHARED_INFO, GOST_R_UNSUPPORTED_RECIPIENT_INFO); + return 0; +} + +static ASN1_STRING *gost_encode_cms_params(int ka_nid) +{ + ASN1_STRING *ret = NULL; + ASN1_STRING *params = ASN1_STRING_new(); + + /* It's a hack. We have only one OID here, so we can use + * GOST_KEY_PARAMS which is a sequence of 3 OIDs, + * the 1st one is mandatory and the rest are optional */ + GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new(); + + if (params == NULL || gkp == NULL) { + GOSTerr(GOST_F_GOST_ENCODE_CMS_PARAMS, ERR_R_MALLOC_FAILURE); + goto end; + } + + gkp->key_params = OBJ_nid2obj(ka_nid); + params->length = i2d_GOST_KEY_PARAMS(gkp, ¶ms->data); + + if (params->length < 0) { + GOSTerr(GOST_F_GOST_ENCODE_CMS_PARAMS, ERR_R_MALLOC_FAILURE); + goto end; + } + + params->type = V_ASN1_SEQUENCE; + ret = params; + +end: + GOST_KEY_PARAMS_free(gkp); + + if (ret == NULL) + ASN1_STRING_free(params); + + return ret; +} + /* * Control function */ @@ -229,6 +426,7 @@ static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2) md_nid = NID_id_GostR3411_2012_256; break; case NID_id_GostR3410_2001: + case NID_id_GostR3410_2001DH: case NID_id_GostR3410_94: md_nid = NID_id_GostR3411_94; break; @@ -256,7 +454,7 @@ static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2) return 1; #endif case ASN1_PKEY_CTRL_PKCS7_ENCRYPT: - if (arg1 == 0) { + if (arg1 == 0) { /* Encryption */ ASN1_STRING *params = encode_gost_algor_params(pkey); if (!params) { return -1; @@ -264,21 +462,71 @@ static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2) PKCS7_RECIP_INFO_get0_alg((PKCS7_RECIP_INFO *)arg2, &alg1); X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_id(pkey)), V_ASN1_SEQUENCE, params); - } + } return 1; #ifndef OPENSSL_NO_CMS case ASN1_PKEY_CTRL_CMS_ENVELOPE: if (arg1 == 0) { - ASN1_STRING *params = encode_gost_algor_params(pkey); - if (!params) { - return -1; - } - CMS_RecipientInfo_ktri_get0_algs((CMS_RecipientInfo *)arg2, NULL, - NULL, &alg1); - X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_id(pkey)), - V_ASN1_SEQUENCE, params); + EVP_PKEY_CTX *pctx; + CMS_RecipientInfo *ri = arg2; + + struct gost_pmeth_data *gctx = NULL; + ASN1_STRING *params = NULL; + + pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); + if (!pctx) + return 0; + + gctx = EVP_PKEY_CTX_get_data(pctx); + + switch (gctx->cipher_nid) { + case NID_magma_ctr: + case NID_kuznyechik_ctr: + { + int ka_nid; + + nid = (gctx->cipher_nid == NID_magma_ctr) ? NID_magma_kexp15 : + NID_kuznyechik_kexp15; + + ka_nid = (EVP_PKEY_base_id(pkey) == NID_id_GostR3410_2012_256) ? + NID_id_tc26_agreement_gost_3410_2012_256 : NID_id_tc26_agreement_gost_3410_2012_512; + + params = gost_encode_cms_params(ka_nid); + } + break; + default: + params = encode_gost_algor_params(pkey); + break; + } + + if (params == NULL) + return -1; + + CMS_RecipientInfo_ktri_get0_algs((CMS_RecipientInfo *)arg2, NULL, + NULL, &alg1); + X509_ALGOR_set0(alg1, OBJ_nid2obj(nid), V_ASN1_SEQUENCE, params); + } else { + EVP_PKEY_CTX *pctx; + CMS_RecipientInfo *ri = arg2; + pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); + if (!pctx) + return 0; + return gost_cms_set_shared_info(pctx, ri); } return 1; +#ifdef ASN1_PKEY_CTRL_CMS_RI_TYPE + case ASN1_PKEY_CTRL_CMS_RI_TYPE: + *(int *)arg2 = CMS_RECIPINFO_TRANS; + return 1; + case ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED: + if (arg1 == CMS_RECIPINFO_AGREE || arg1 == CMS_RECIPINFO_TRANS) { + *(int *)arg2 = 1; + return 1; + } + else + return 0; + break; +#endif #endif case ASN1_PKEY_CTRL_DEFAULT_MD_NID: *(int *)arg2 = md_nid; @@ -297,14 +545,13 @@ static void pkey_free_gost_ec(EVP_PKEY *key) /* ------------------ private key functions -----------------------------*/ static BIGNUM *unmask_priv_key(EVP_PKEY *pk, - const unsigned char *buf, int len, - int num_masks) + const unsigned char *buf, int len, int num_masks) { BIGNUM *pknum_masked = NULL, *q = NULL; const EC_KEY *key_ptr = (pk) ? EVP_PKEY_get0(pk) : NULL; const EC_GROUP *group = (key_ptr) ? EC_KEY_get0_group(key_ptr) : NULL; - pknum_masked = hashsum2bn(buf, len); + pknum_masked = BN_lebin2bn(buf, len, BN_secure_new()); if (!pknum_masked) return NULL; @@ -322,8 +569,8 @@ static BIGNUM *unmask_priv_key(EVP_PKEY *pk, } for (; p != buf; p -= len) { - BIGNUM *mask = hashsum2bn(p, len); - BN_CTX *ctx = BN_CTX_new(); + BIGNUM *mask = BN_lebin2bn(p, len, BN_secure_new()); + BN_CTX *ctx = BN_CTX_secure_new(); BN_mod_mul(pknum_masked, pknum_masked, mask, q, ctx); @@ -338,16 +585,17 @@ static BIGNUM *unmask_priv_key(EVP_PKEY *pk, return pknum_masked; } -static int priv_decode_gost(EVP_PKEY *pk, OPENSSL110_const PKCS8_PRIV_KEY_INFO *p8inf) +static int priv_decode_gost(EVP_PKEY *pk, + const PKCS8_PRIV_KEY_INFO *p8inf) { const unsigned char *pkey_buf = NULL, *p = NULL; int priv_len = 0; BIGNUM *pk_num = NULL; int ret = 0; - OPENSSL110_const X509_ALGOR *palg = NULL; - OPENSSL110_const ASN1_OBJECT *palg_obj = NULL; + const X509_ALGOR *palg = NULL; + const ASN1_OBJECT *palg_obj = NULL; ASN1_INTEGER *priv_key = NULL; - int expected_key_len = 32; + int expected_key_len; if (!PKCS8_pkey_get0(&palg_obj, &pkey_buf, &priv_len, &palg, p8inf)) return 0; @@ -374,7 +622,7 @@ static int priv_decode_gost(EVP_PKEY *pk, OPENSSL110_const PKCS8_PRIV_KEY_INFO * GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR); return 0; } - pk_num = hashsum2bn(s->data, s->length); + pk_num = BN_lebin2bn(s->data, s->length, BN_secure_new()); ASN1_STRING_free(s); } else if (V_ASN1_INTEGER == *p) { priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len); @@ -382,11 +630,10 @@ static int priv_decode_gost(EVP_PKEY *pk, OPENSSL110_const PKCS8_PRIV_KEY_INFO * GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR); return 0; } - pk_num = ASN1_INTEGER_to_BN(priv_key, NULL); + pk_num = ASN1_INTEGER_to_BN(priv_key, BN_secure_new()); ASN1_INTEGER_free(priv_key); } else if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == *p) { - MASKED_GOST_KEY *mgk = NULL; - mgk = d2i_MASKED_GOST_KEY(NULL, &p, priv_len); + MASKED_GOST_KEY *mgk = d2i_MASKED_GOST_KEY(NULL, &p, priv_len); if (!mgk) { GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR); @@ -423,23 +670,25 @@ static int priv_decode_gost(EVP_PKEY *pk, OPENSSL110_const PKCS8_PRIV_KEY_INFO * static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk) { ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk)); - ASN1_STRING *params = encode_gost_algor_params(pk); + ASN1_STRING *params = NULL; unsigned char *buf = NULL; int key_len = pkey_bits_gost(pk), i = 0; /* unmasked private key */ const char *pk_format = get_gost_engine_param(GOST_PARAM_PK_FORMAT); - if (!params) { + key_len = (key_len < 0) ? 0 : key_len / 8; + if (key_len == 0 || !(buf = OPENSSL_secure_malloc(key_len))) { return 0; } - key_len = (key_len < 0) ? 0 : key_len / 8; - if (key_len == 0 || !(buf = OPENSSL_malloc(key_len))) { + if (!store_bignum(gost_get0_priv_key(pk), buf, key_len)) { + OPENSSL_secure_free(buf); return 0; } - if (!store_bignum(gost_get0_priv_key(pk), buf, key_len)) { - OPENSSL_free(buf); + params = encode_gost_algor_params(pk); + if (!params) { + OPENSSL_secure_free(buf); return 0; } @@ -450,19 +699,22 @@ static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk) buf[key_len - 1 - i] = tmp; } - if(pk_format != NULL && strcmp(pk_format, PK_WRAP_PARAM) == 0) { - ASN1_STRING *octet = NULL; + if (pk_format != NULL && strcmp(pk_format, PK_WRAP_PARAM) == 0) { + ASN1_STRING *octet = ASN1_STRING_new(); int priv_len = 0; unsigned char *priv_buf = NULL; - - octet = ASN1_STRING_new(); - ASN1_OCTET_STRING_set(octet, buf, key_len); + if (!octet || !ASN1_OCTET_STRING_set(octet, buf, key_len)) { + ASN1_STRING_free(octet); + ASN1_STRING_free(params); + OPENSSL_secure_free(buf); + return 0; + } priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf); ASN1_STRING_free(octet); - OPENSSL_free(buf); + OPENSSL_secure_free(buf); return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params, - priv_buf, priv_len); + priv_buf, priv_len); } return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params, @@ -510,7 +762,7 @@ static int print_gost_ec_pub(BIO *out, const EVP_PKEY *pkey, int indent) if (!pubkey || !group) goto err; - if (!EC_POINT_get_affine_coordinates_GFp(group, pubkey, X, Y, ctx)) { + if (!EC_POINT_get_affine_coordinates(group, pubkey, X, Y, ctx)) { GOSTerr(GOST_F_PRINT_GOST_EC_PUB, ERR_R_EC_LIB); goto err; } @@ -650,88 +902,92 @@ static int param_cmp_gost_ec(const EVP_PKEY *a, const EVP_PKEY *b) } /* ---------- Public key functions * --------------------------------------*/ -static int pub_decode_gost_ec(EVP_PKEY *pk, X509_PUBKEY *pub) +static int pub_decode_gost_ec(EVP_PKEY *pk, const X509_PUBKEY *pub) { X509_ALGOR *palg = NULL; const unsigned char *pubkey_buf = NULL; - unsigned char *databuf; + unsigned char *databuf = NULL; ASN1_OBJECT *palgobj = NULL; int pub_len; - EC_POINT *pub_key; - BIGNUM *X, *Y; + EC_POINT *pub_key = NULL; + BIGNUM *X = NULL, *Y = NULL; ASN1_OCTET_STRING *octet = NULL; size_t len; const EC_GROUP *group; + int retval = 0; if (!X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub)) - return 0; + goto ret; EVP_PKEY_assign(pk, OBJ_obj2nid(palgobj), NULL); if (!decode_gost_algor_params(pk, palg)) - return 0; + goto ret; group = EC_KEY_get0_group(EVP_PKEY_get0(pk)); octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len); if (!octet) { GOSTerr(GOST_F_PUB_DECODE_GOST_EC, ERR_R_MALLOC_FAILURE); - return 0; + goto ret; } databuf = OPENSSL_malloc(octet->length); - if (databuf == NULL) { + if (!databuf) { GOSTerr(GOST_F_PUB_DECODE_GOST_EC, ERR_R_MALLOC_FAILURE); - ASN1_OCTET_STRING_free(octet); - return 0; + goto ret; } - BUF_reverse(databuf, octet->data, octet->length); + BUF_reverse(databuf, octet->data, octet->length); len = octet->length / 2; - ASN1_OCTET_STRING_free(octet); Y = BN_bin2bn(databuf, len, NULL); X = BN_bin2bn(databuf + len, len, NULL); - OPENSSL_free(databuf); + if (!X || !Y) { + GOSTerr(GOST_F_PUB_DECODE_GOST_EC, ERR_R_BN_LIB); + goto ret; + } pub_key = EC_POINT_new(group); - if (!EC_POINT_set_affine_coordinates_GFp(group, pub_key, X, Y, NULL)) { + if (!EC_POINT_set_affine_coordinates(group, pub_key, X, Y, NULL)) { GOSTerr(GOST_F_PUB_DECODE_GOST_EC, ERR_R_EC_LIB); - EC_POINT_free(pub_key); - BN_free(X); - BN_free(Y); - return 0; + goto ret; } - BN_free(X); - BN_free(Y); - if (!EC_KEY_set_public_key(EVP_PKEY_get0(pk), pub_key)) { + + retval = EC_KEY_set_public_key(EVP_PKEY_get0(pk), pub_key); + if (!retval) GOSTerr(GOST_F_PUB_DECODE_GOST_EC, ERR_R_EC_LIB); - EC_POINT_free(pub_key); - return 0; - } - EC_POINT_free(pub_key); - return 1; +ret: + EC_POINT_free(pub_key); + BN_free(X); + BN_free(Y); + OPENSSL_free(databuf); + ASN1_OCTET_STRING_free(octet); + return retval; } static int pub_encode_gost_ec(X509_PUBKEY *pub, const EVP_PKEY *pk) { - ASN1_OBJECT *algobj = NULL; + ASN1_OBJECT *algobj; ASN1_OCTET_STRING *octet = NULL; - void *pval = NULL; + void *pval; unsigned char *buf = NULL, *databuf = NULL; int data_len, ret = -1; const EC_POINT *pub_key; - BIGNUM *X = NULL, *Y = NULL, *order = NULL; + BIGNUM *X = NULL, *Y = NULL, *order; const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk); - int ptype = V_ASN1_UNDEF; + int ptype = V_ASN1_SEQUENCE; + ASN1_STRING *params; algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk)); - ASN1_STRING *params = encode_gost_algor_params(pk); - pval = params; - ptype = V_ASN1_SEQUENCE; + params = encode_gost_algor_params(pk); + pval = params; order = BN_new(); - if (!order) { + if (order == NULL || EC_GROUP_get_order(EC_KEY_get0_group(ec), order, NULL) == 0) { GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE); goto err; } - EC_GROUP_get_order(EC_KEY_get0_group(ec), order, NULL); + if (EC_GROUP_get_order(EC_KEY_get0_group(ec), order, NULL) == 0) { + GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_INTERNAL_ERROR); + goto err; + } pub_key = EC_KEY_get0_public_key(ec); if (!pub_key) { GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, GOST_R_PUBLIC_KEY_UNDEFINED); @@ -743,7 +999,7 @@ static int pub_encode_gost_ec(X509_PUBKEY *pub, const EVP_PKEY *pk) GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_MALLOC_FAILURE); goto err; } - if (!EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec), + if (!EC_POINT_get_affine_coordinates(EC_KEY_get0_group(ec), pub_key, X, Y, NULL)) { GOSTerr(GOST_F_PUB_ENCODE_GOST_EC, ERR_R_INTERNAL_ERROR); goto err; @@ -758,7 +1014,7 @@ static int pub_encode_gost_ec(X509_PUBKEY *pub, const EVP_PKEY *pk) store_bignum(X, databuf + data_len / 2, data_len / 2); store_bignum(Y, databuf, data_len / 2); - BUF_reverse(databuf, NULL, data_len); + BUF_reverse(databuf, NULL, data_len); octet = ASN1_OCTET_STRING_new(); if (octet == NULL) { @@ -772,8 +1028,8 @@ static int pub_encode_gost_ec(X509_PUBKEY *pub, const EVP_PKEY *pk) } ret = i2d_ASN1_OCTET_STRING(octet, &buf); - ASN1_BIT_STRING_free(octet); err: + ASN1_BIT_STRING_free(octet); if (X) BN_free(X); if (Y) @@ -810,6 +1066,7 @@ static int pkey_size_gost(const EVP_PKEY *pk) switch (EVP_PKEY_base_id(pk)) { case NID_id_GostR3410_94: case NID_id_GostR3410_2001: + case NID_id_GostR3410_2001DH: case NID_id_GostR3410_2012_256: return 64; case NID_id_GostR3410_2012_512: @@ -904,6 +1161,7 @@ int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth, return 0; switch (nid) { case NID_id_GostR3410_2001: + case NID_id_GostR3410_2001DH: EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost_ec); EVP_PKEY_asn1_set_private(*ameth, priv_decode_gost, priv_encode_gost, @@ -919,9 +1177,7 @@ int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth, pkey_size_gost, pkey_bits_gost); EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost); -#if OPENSSL_VERSION_NUMBER >= 0x10100000L EVP_PKEY_asn1_set_security_bits(*ameth, pkey_bits_gost); -#endif break; case NID_id_GostR3410_2012_256: case NID_id_GostR3410_2012_512: @@ -941,9 +1197,7 @@ int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth, pkey_size_gost, pkey_bits_gost); EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost); -#if OPENSSL_VERSION_NUMBER >= 0x10100000L EVP_PKEY_asn1_set_security_bits(*ameth, pkey_bits_gost); -#endif break; case NID_id_Gost28147_89_MAC: EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost);