get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead)

Submitted by: Nils Larsch

diff --git a/apps/ca.c b/apps/ca.c
index 9633a39f785b1c4ab18ef369165efbb00690f932..39956e89a44692abdc2d7bb1544da279be5be0a3 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1515,7 +1515,7 @@ bad:
                        else
 #endif
 #ifndef OPENSSL_NO_ECDSA
-                       if (pkey->type == EVP_PKEY_ECDSA)
+                       if (pkey->type == EVP_PKEY_EC)
                                dgst=EVP_ecdsa();
                        else
 #endif
@@ -2293,7 +2293,7 @@ again2:
        EVP_PKEY_free(pktmp);
 #endif
 #ifndef OPENSSL_NO_ECDSA
-       if (pkey->type == EVP_PKEY_ECDSA)
+       if (pkey->type == EVP_PKEY_EC)
                dgst = EVP_ecdsa();
        pktmp = X509_get_pubkey(ret);
        if (EVP_PKEY_missing_parameters(pktmp) &&

diff --git a/apps/req.c b/apps/req.c
index b6bc85e3874fae0bff69f0082636177902573c65..1f24be79bdd8709c783d3932149a7e81325baeef 100644 (file)
--- a/apps/req.c
+++ b/apps/req.c
@@ -682,7 +682,8 @@ bad:
                           message */
                        goto end;
                        }
-               if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA || EVP_PKEY_type(pkey->type) == EVP_PKEY_ECDSA)
+               if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA || 
+                       EVP_PKEY_type(pkey->type) == EVP_PKEY_EC)
                        {
                        char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
                        if (randfile == NULL)
@@ -852,7 +853,7 @@ loop:
                        digest=EVP_dss1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
-               if (pkey->type == EVP_PKEY_ECDSA)
+               if (pkey->type == EVP_PKEY_EC)
                        digest=EVP_ecdsa();
 #endif
                if (req == NULL)

diff --git a/apps/speed.c b/apps/speed.c
index 4a77e8af581839172912c6d14b0b14a6548270b2..abcede337e64d60267fe1ac40207090c65d347ad 100644 (file)
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1937,7 +1937,7 @@ int MAIN(int argc, char **argv)
                                {
                                /* Perform ECDSA signature test */
                                EC_KEY_generate_key(ecdsa[j]);
-                               ret = ECDSA_sign(EVP_PKEY_ECDSA, buf, 20, ecdsasig, 
+                               ret = ECDSA_sign(0, buf, 20, ecdsasig, 
                                        &ecdsasiglen, ecdsa[j]);
                                if (ret == 0) 
                                        {
@@ -1953,9 +1953,12 @@ int MAIN(int argc, char **argv)
                                                ECDSA_SECONDS);
 
                                        Time_F(START);
-                                       for (count=0,run=1; COND(ecdsa_c[j][0]); count++) 
+                                       for (count=0,run=1; COND(ecdsa_c[j][0]);
+                                               count++) 
                                                {
-                                               ret=ECDSA_sign(EVP_PKEY_ECDSA, buf, 20, ecdsasig, &ecdsasiglen, ecdsa[j]);
+                                               ret=ECDSA_sign(0, buf, 20, 
+                                                       ecdsasig, &ecdsasiglen,
+                                                       ecdsa[j]);
                                                if (ret == 0) 
                                                        {
                                                        BIO_printf(bio_err, "ECDSA sign failure\n");
@@ -1974,7 +1977,8 @@ int MAIN(int argc, char **argv)
                                        }
 
                                /* Perform ECDSA verification test */
-                               ret=ECDSA_verify(EVP_PKEY_ECDSA, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
+                               ret=ECDSA_verify(0, buf, 20, ecdsasig, 
+                                       ecdsasiglen, ecdsa[j]);
                                if (ret != 1) 
                                        {
                                        BIO_printf(bio_err,"ECDSA verify failure.  No ECDSA verify will be done.\n");

diff --git a/apps/x509.c b/apps/x509.c
index 67476e34cfb2abceb1cf4695999fb92abf26e6db..aa06462b9f41b3c506ccab6a4fd1f6afeaa2b35e 100644 (file)
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -870,7 +870,7 @@ bad:
                                        digest=EVP_dss1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
-                               if (Upkey->type == EVP_PKEY_ECDSA)
+                               if (Upkey->type == EVP_PKEY_EC)
                                        digest=EVP_ecdsa();
 #endif
 
@@ -894,7 +894,7 @@ bad:
                                        digest=EVP_dss1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
-                               if (CApkey->type == EVP_PKEY_ECDSA)
+                               if (CApkey->type == EVP_PKEY_EC)
                                        digest = EVP_ecdsa();
 #endif
                                
@@ -929,7 +929,7 @@ bad:
                                        digest=EVP_dss1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
-                               if (pk->type == EVP_PKEY_ECDSA)
+                               if (pk->type == EVP_PKEY_EC)
                                        digest=EVP_ecdsa();
 #endif
 

diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index e4d60eeb4d9550fc774c2587b7127de01be92057..10e9e414c59a5f0614ce678f52c3c3c8c446692a 100644 (file)
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -150,13 +150,13 @@
 #define EVP_PK_RSA     0x0001
 #define EVP_PK_DSA     0x0002
 #define EVP_PK_DH      0x0004
-#define EVP_PK_ECDSA   0x0008
+#define EVP_PK_EC      0x0008
 #define EVP_PKT_SIGN   0x0010
 #define EVP_PKT_ENC    0x0020
 #define EVP_PKT_EXCH   0x0040
 #define EVP_PKS_RSA    0x0100
 #define EVP_PKS_DSA    0x0200
-#define EVP_PKS_ECDSA  0x0400
+#define EVP_PKS_EC     0x0400
 #define EVP_PKT_EXP    0x1000 /* <= 512 bit key */
 
 #define EVP_PKEY_NONE  NID_undef
@@ -169,7 +169,6 @@
 #define EVP_PKEY_DSA4  NID_dsaWithSHA1_2
 #define EVP_PKEY_DH    NID_dhKeyAgreement
 #define EVP_PKEY_EC    NID_X9_62_id_ecPublicKey
-#define EVP_PKEY_ECDSA EVP_PKEY_EC
 
 #ifdef __cplusplus
 extern "C" {
@@ -310,7 +309,7 @@ struct env_md_st
 
 #ifndef OPENSSL_NO_ECDSA
 #define EVP_PKEY_ECDSA_method   ECDSA_sign,ECDSA_verify, \
-                                 {EVP_PKEY_ECDSA,0,0,0}
+                                 {EVP_PKEY_EC,0,0,0}
 #else   
 #define EVP_PKEY_ECDSA_method   EVP_PKEY_NULL_method
 #endif

diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
index 25f920201fa905d676d3d6d5df2f8226af702747..43200a91a8c04594a54242b079f04452b0c4450b 100644 (file)
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
@@ -83,7 +83,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
 #ifndef OPENSSL_NO_EC
        EC_KEY *eckey = NULL;
 #endif
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
        ASN1_INTEGER *privkey;
        ASN1_TYPE    *t1, *t2, *param = NULL;
        STACK_OF(ASN1_TYPE) *n_stack = NULL;
@@ -124,7 +124,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
                EVP_PKEY_assign_RSA (pkey, rsa);
                break;
 #endif
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
                case NID_ecdsa_with_SHA1:
                case NID_dsa:
                /* PKCS#8 DSA/ECDSA is weird: you just get a private key integer
@@ -235,7 +235,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
                } 
                else /* nid == NID_ecdsa_with_SHA1 */
                {
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
                        if ((eckey = d2i_ECParameters(NULL, &cp, 
                                plen)) == NULL)
                        {
@@ -350,8 +350,8 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
 
                break;
 #endif
-#ifndef OPENSSL_NO_ECDSA
-               case EVP_PKEY_ECDSA:
+#ifndef OPENSSL_NO_EC
+               case EVP_PKEY_EC:
                if (!eckey_pkey2pkcs8(p8, pkey))
                {
                        PKCS8_PRIV_KEY_INFO_free(p8);
@@ -529,7 +529,7 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
        q = p;
        if (!i2d_ECParameters(pkey->pkey.eckey, &q))
        {
-               EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_ECDSA_LIB);
+               EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_EC_LIB);
                OPENSSL_free(p);
                return 0;
        }
@@ -703,7 +703,7 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
                                         &p8->pkey->value.octet_string->data,
                                         &p8->pkey->value.octet_string->length)) 
                {
-                       EVPerr(EVP_F_ECDSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+                       EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
                        sk_ASN1_TYPE_pop_free(neckey, ASN1_TYPE_free);
                        return 0;
                }

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index ac0556b48808bd1e2cf6adfc6d200de48bcdb73a..1056e4bffdf0f395f1312123dbe3114bfaff1131 100644 (file)
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -137,8 +137,8 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
                return(ret);
                }
 #endif
-#ifndef OPENSSL_NO_ECDSA
-       if (pkey->type == EVP_PKEY_ECDSA)
+#ifndef OPENSSL_NO_EC
+       if (pkey->type == EVP_PKEY_EC)
                {
                int ret = pkey->save_parameters;
 
@@ -182,7 +182,7 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from)
                }
 #endif
 #ifndef OPENSSL_NO_EC
-       if (to->type == EVP_PKEY_ECDSA)
+       if (to->type == EVP_PKEY_EC)
                {
                if (to->pkey.eckey->group != NULL)
                        EC_GROUP_free(to->pkey.eckey->group);

diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 8d5f48f73a5c1d29bfb31f290559573bab5405f0..92a55f536aebbbf958178273ad73e43fe3e0c1a7 100644 (file)
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -83,7 +83,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo
        else if (strcmp(nm,PEM_STRING_DSA) == 0)
                ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len);
        else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0)
-               ret=d2i_PrivateKey(EVP_PKEY_ECDSA,x,&p,len);
+               ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len);
        else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
                PKCS8_PRIV_KEY_INFO *p8inf;
                p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);

diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index f589508fdd008581b62c439c57d64ee671ef9f52..1c0a9c9edf28727233d5b5edff383aa083368d49 100644 (file)
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -629,7 +629,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                                ctx_tmp.digest=EVP_dss1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
-                       if (si->pkey->type == EVP_PKEY_ECDSA)
+                       if (si->pkey->type == EVP_PKEY_EC)
                                ctx_tmp.digest=EVP_ecdsa();
 #endif
 
@@ -830,7 +830,7 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
        if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
-       if (pkey->type == EVP_PKEY_ECDSA) mdc_tmp.digest=EVP_ecdsa();
+       if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa();
 #endif
 
        i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);

diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index b7c18cbf7242b1bf3bfb2a60caa1d3e8c87f4a07..c913c59791678e08c1dbe5d25de0b777826ed1e5 100644 (file)
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -310,7 +310,7 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
        int nid;
        char is_dsa;
 
-       if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_ECDSA)
+       if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC)
                is_dsa = 1;
        else
                is_dsa = 0;
@@ -363,7 +363,7 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
 #endif
                p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */
                }
-       else if (nid == EVP_PKEY_ECDSA)
+       else if (nid == EVP_PKEY_EC)
                {
                p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1);
                if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))

diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c
index 7673c1ba03bf11f754f58b2b5ee25ec6429d0502..8eaf102480ca058ce6413eac6ed71be1fb999e56 100644 (file)
--- a/crypto/x509/x509type.c
+++ b/crypto/x509/x509type.c
@@ -86,8 +86,8 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
        case EVP_PKEY_DSA:
                ret=EVP_PK_DSA|EVP_PKT_SIGN;
                break;
-       case EVP_PKEY_ECDSA:
-               ret=EVP_PK_ECDSA|EVP_PKT_SIGN;
+       case EVP_PKEY_EC:
+               ret=EVP_PK_EC|EVP_PKT_SIGN|EVP_PKT_EXCH;
                break;
        case EVP_PKEY_DH:
                ret=EVP_PK_DH|EVP_PKT_EXCH;
@@ -105,8 +105,8 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
        case EVP_PKS_DSA:
                ret|=EVP_PKS_DSA;
                break;
-       case EVP_PKS_ECDSA:
-               ret|=EVP_PKS_ECDSA;
+       case EVP_PKS_EC:
+               ret|=EVP_PKS_EC;
                break;
        default:
                break;

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index a5588360e53686d43ba28751650e689d8373670b..2e03a70fc79d9a9d8bfd00faa396fdcbd361a189 100644 (file)
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -526,10 +526,7 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
                        }
                }
 #ifndef OPENSSL_NO_EC
-       /* XXX: Structurally, there is no distinction between 
-        * ECDSA and ECDH public keys (both are ECPoints).
-        * So EVP_PKEY_ECDSA should really be renamed EVP_PKEY_ECC
-        * (or similar). As for ECC certificates, additional
+       /* As for ECC certificates, additional
         * information (e.g. in the optional key usage X509v3 
         * extension) could be used when available to distinguish
         * between ECDH and ECDSA certificates. For now, we do not
@@ -537,7 +534,7 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
         * of checking for appropriate key usage to the SSL code
         * responsible for sending/processing ECC certificates.
         */
-       else if (i == EVP_PKEY_ECDSA)
+       else if (i == EVP_PKEY_EC)
                {
                ret = SSL_PKEY_ECC;
                }

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 74e1e529f88f014b9bc9757efacfff39d8b63b8d..cb93c5a1ae6d4cabce94963d7f944fd48d6be3eb 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1349,7 +1349,7 @@ static int ssl3_get_key_exchange(SSL *s)
                else
 #endif
 #ifndef OPENSSL_NO_ECDSA
-                       if (pkey->type == EVP_PKEY_ECDSA)
+                       if (pkey->type == EVP_PKEY_EC)
                        {
                        /* let's do ECDSA */
                        EVP_VerifyInit_ex(&md_ctx,EVP_ecdsa(), NULL);
@@ -1907,7 +1907,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
                                srvr_pub_pkey = X509_get_pubkey(s->session-> \
                                    sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
                                if ((srvr_pub_pkey == NULL) ||
-                                   (srvr_pub_pkey->type != EVP_PKEY_ECDSA) ||
+                                   (srvr_pub_pkey->type != EVP_PKEY_EC) ||
                                    (srvr_pub_pkey->pkey.eckey == NULL))
                                        {
                                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
@@ -2118,7 +2118,7 @@ static int ssl3_send_client_verify(SSL *s)
                else
 #endif
 #ifndef OPENSSL_NO_ECDSA
-                       if (pkey->type == EVP_PKEY_ECDSA)
+                       if (pkey->type == EVP_PKEY_EC)
                        {
                        if (!ECDSA_sign(pkey->save_type,
                                &(data[MD5_DIGEST_LENGTH]),

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index d26790a017cb024bfb47a7a59acf68fe21099744..4b374a9cd6554f31c46001e015fb0232f66125e2 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1446,7 +1446,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
                        else
 #endif
 #if !defined(OPENSSL_NO_ECDSA)
-                               if (pkey->type == EVP_PKEY_ECDSA)
+                               if (pkey->type == EVP_PKEY_EC)
                                {
                                /* let's do ECDSA */
                                EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
@@ -2001,7 +2001,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                                 }
                         if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer))
                            == NULL) || 
-                           (clnt_pub_pkey->type != EVP_PKEY_ECDSA))
+                           (clnt_pub_pkey->type != EVP_PKEY_EC))
                                {
                                /* XXX: For now, we do not support client
                                 * authentication using ECDH certificates
@@ -2228,7 +2228,7 @@ static int ssl3_get_cert_verify(SSL *s)
        else
 #endif
 #ifndef OPENSSL_NO_ECDSA
-               if (pkey->type == EVP_PKEY_ECDSA)
+               if (pkey->type == EVP_PKEY_EC)
                {
                j=ECDSA_verify(pkey->save_type,
                        &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),