[pkg-opensc-commit] [libp11] 59/86: Fixed ECDH public key derivation
Eric Dorland
eric at moszumanska.debian.org
Sun Jul 24 21:40:23 UTC 2016
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libp11.
commit 9a1e2071c009bc454739d3ca74cbfca4f2e168cc
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date: Wed Mar 2 13:16:21 2016 +0100
Fixed ECDH public key derivation
This commit fixes ECDH key derivation when the private key is not on a PKCS#11 device.
The key derivation is gracefully redirected back to the original OpenSSL function.
Closes #69.
---
src/p11_ec.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/p11_ec.c b/src/p11_ec.c
index 6a6baf7..b60f06f 100644
--- a/src/p11_ec.c
+++ b/src/p11_ec.c
@@ -37,6 +37,10 @@
#include <openssl/ecdh.h>
#endif
+typedef int (*compute_key_fn)(void *, size_t, const EC_POINT *, const EC_KEY *,
+ void *(*)(const void *, size_t, void *, size_t *));
+static compute_key_fn ossl_ecdh_compute_key;
+
static int ec_ex_index = 0;
#ifndef OPENSSL_NO_EC
@@ -398,8 +402,8 @@ static int pkcs11_ec_ckey(void *out,
#else
key = (PKCS11_KEY *)ECDSA_get_ex_data((EC_KEY *)ecdh, ec_ex_index);
#endif
- if (key == NULL)
- return -1;
+ if (key == NULL) /* The private key is not handled by PKCS#11 */
+ return ossl_ecdh_compute_key(out, outlen, peer_point, ecdh, KDF);
/* both peer and ecdh use same group parameters */
parms = pkcs11_ecdh_params_alloc(EC_KEY_get0_group(ecdh), peer_point);
@@ -478,9 +482,6 @@ void ECDSA_METHOD_set_sign(ECDSA_METHOD *m, sign_fn f)
/* ecdh_method maintains unchanged layout between 0.9.8 and 1.0.2 */
-typedef int (*compute_key_fn)(void *, size_t, const EC_POINT *, const EC_KEY *,
- void *(*)(const void *, size_t, void *, size_t *));
-
/* Data pointers and function pointers may have different sizes on some
* architectures */
struct ecdh_method {
@@ -510,6 +511,11 @@ void ECDH_METHOD_free(ECDH_METHOD *m)
OPENSSL_free(m);
}
+void ECDH_METHOD_get_compute_key(ECDH_METHOD *m, compute_key_fn *f)
+{
+ *f = m->compute_key;
+}
+
void ECDH_METHOD_set_compute_key(ECDH_METHOD *m, compute_key_fn f)
{
m->compute_key = f;
@@ -541,6 +547,7 @@ EC_KEY_METHOD *PKCS11_get_ec_key_method(void)
ops = EC_KEY_METHOD_new((EC_KEY_METHOD *)EC_KEY_OpenSSL());
EC_KEY_METHOD_get_sign(ops, &orig_sign, NULL, NULL);
EC_KEY_METHOD_set_sign(ops, orig_sign, NULL, pkcs11_ecdsa_sign_sig);
+ EC_KEY_METHOD_get_compute_key(ops, &ossl_ecdh_compute_key);
EC_KEY_METHOD_set_compute_key(ops, pkcs11_ec_ckey);
}
return ops;
@@ -584,6 +591,7 @@ ECDH_METHOD *PKCS11_get_ecdh_method(void)
if (ops == NULL) {
alloc_ec_ex_index();
ops = ECDH_METHOD_new((ECDH_METHOD *)ECDH_OpenSSL());
+ ECDH_METHOD_get_compute_key(ops, &ossl_ecdh_compute_key);
ECDH_METHOD_set_compute_key(ops, pkcs11_ec_ckey);
}
return ops;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git
More information about the pkg-opensc-commit
mailing list