enhance EC method to support setting curve type when generating keys and add...

enhance EC method to support setting curve type when generating keys and add parameter encoding option

enhance EC method to support setting curve type when generating keys and add...
enhance EC method to support setting curve type when generating keys and add parameter encoding option
24edfa9d · Dr. Stephen Henson · 0a17b8de · 24edfa9d · 24edfa9d
隐藏空白更改
内联并排

Showing with 41 addition and 5 deletion

crypto/ec/ec.h crypto/ec/ec.h +7 -1

crypto/ec/ec_pmeth.c crypto/ec/ec_pmeth.c +34 -4

未找到文件。
--- a/crypto/ec/ec.h
+++ b/crypto/ec/ec.h
@@ -956,11 +956,17 @@ int	EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
 #endif

 #define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN, \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+				EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \
 				EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL)

+#define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+				EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \
+				EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL)

 #define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID		(EVP_PKEY_ALG_CTRL + 1)
+#define EVP_PKEY_CTRL_EC_PARAM_ENC			(EVP_PKEY_ALG_CTRL + 2)

 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes

--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -219,6 +219,15 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 		dctx->gen_group = group;
 		return 1;

+		case EVP_PKEY_CTRL_EC_PARAM_ENC:
+		if (!dctx->gen_group)
+			{
+			ECerr(EC_F_PKEY_EC_CTRL, EC_R_NO_PARAMETERS_SET);
+			return 0;
+			}
+		EC_GROUP_set_asn1_flag(dctx->gen_group, p1);
+		return 1;
+
 		case EVP_PKEY_CTRL_MD:
 		if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
 		    EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 &&
@@ -264,6 +273,18 @@ static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx,
 			}
 		return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
 		}
+	else if (!strcmp(type, "ec_param_enc"))
+		{
+		int param_enc;
+		if (!strcmp(value, "explicit"))
+			param_enc = 0;
+		else if (!strcmp(value, "named_curve"))
+			param_enc = OPENSSL_EC_NAMED_CURVE;
+		else
+			return -2;
+		return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc);
+		}
+			
 	return -2;
 	}

@@ -291,7 +312,8 @@ static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 	{
 	EC_KEY *ec = NULL;
-	if (ctx->pkey == NULL)
+	EC_PKEY_CTX *dctx = ctx->data;
+	if (ctx->pkey == NULL && dctx->gen_group == NULL)
 		{
 		ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
 		return 0;
@@ -300,9 +322,17 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 	if (!ec)
 		return 0;
 	EVP_PKEY_assign_EC_KEY(pkey, ec);
-	/* Note: if error return, pkey is freed by parent routine */
-	if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
-		return 0;
+	if (ctx->pkey)
+		{
+		/* Note: if error return, pkey is freed by parent routine */
+		if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
+			return 0;
+		}
+	else
+		{
+		if (!EC_KEY_set_group(ec, dctx->gen_group))
+			return 0;
+		}
 	return EC_KEY_generate_key(pkey->pkey.ec);
 	}