From 5488bb6197b9af7a4670fb88936f0b53a9af0d2f Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bodo=20M=C3=B6ller?=
Date: Mon, 12 Aug 2002 08:47:41 +0000
Subject: [PATCH] get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead)
Submitted by: Nils Larsch
---
 apps/ca.c | 4 ++--
 apps/req.c | 5 +++--
 apps/speed.c | 12 ++++++++----
 apps/x509.c | 6 +++---
 crypto/evp/evp.h | 7 +++----
 crypto/evp/evp_pkey.c | 14 +++++++-------
 crypto/evp/p_lib.c | 6 +++---
 crypto/pem/pem_pkey.c | 2 +-
 crypto/pkcs7/pk7_doit.c | 4 ++--
 crypto/pkcs7/pk7_lib.c | 4 ++--
 crypto/x509/x509type.c | 8 ++++----
 ssl/s3_both.c | 7 ++-----
 ssl/s3_clnt.c | 6 +++---
 ssl/s3_srvr.c | 6 +++---
 14 files changed, 46 insertions(+), 45 deletions(-)
diff --git a/apps/ca.c b/apps/ca.c
index 9633a39f78..39956e89a4 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1515,7 +1515,7 @@ bad:
 else
 #endif
 #ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_ECDSA)
+ if (pkey->type == EVP_PKEY_EC)
 dgst=EVP_ecdsa();
 else
 #endif
@@ -2293,7 +2293,7 @@ again2:
 EVP_PKEY_free(pktmp);
 #endif
 #ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_ECDSA)
+ if (pkey->type == EVP_PKEY_EC)
 dgst = EVP_ecdsa();
 pktmp = X509_get_pubkey(ret);
 if (EVP_PKEY_missing_parameters(pktmp) &&
diff --git a/apps/req.c b/apps/req.c
index b6bc85e387..1f24be79bd 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -682,7 +682,8 @@ bad:
 message */
 goto end;
 }
- if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA || EVP_PKEY_type(pkey->type) == EVP_PKEY_ECDSA)
+ if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA ||
+ EVP_PKEY_type(pkey->type) == EVP_PKEY_EC)
 {
 char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
 if (randfile == NULL)
@@ -852,7 +853,7 @@ loop:
 digest=EVP_dss1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_ECDSA)
+ if (pkey->type == EVP_PKEY_EC)
 digest=EVP_ecdsa();
 #endif
 if (req == NULL)
diff --git a/apps/speed.c b/apps/speed.c
index 4a77e8af58..abcede337e 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1937,7 +1937,7 @@ int MAIN(int argc, char **argv)
 {
 /* Perform ECDSA signature test */
 EC_KEY_generate_key(ecdsa[j]);
- ret = ECDSA_sign(EVP_PKEY_ECDSA, buf, 20, ecdsasig,
+ ret = ECDSA_sign(0, buf, 20, ecdsasig,
 &ecdsasiglen, ecdsa[j]);
 if (ret == 0)
 {
@@ -1953,9 +1953,12 @@ int MAIN(int argc, char **argv)
 ECDSA_SECONDS);
 Time_F(START);
- for (count=0,run=1; COND(ecdsa_c[j][0]); count++)
+ for (count=0,run=1; COND(ecdsa_c[j][0]);
+ count++)
 {
- ret=ECDSA_sign(EVP_PKEY_ECDSA, buf, 20, ecdsasig, &ecdsasiglen, ecdsa[j]);
+ ret=ECDSA_sign(0, buf, 20,
+ ecdsasig, &ecdsasiglen,
+ ecdsa[j]);
 if (ret == 0)
 {
 BIO_printf(bio_err, "ECDSA sign failure\n");
@@ -1974,7 +1977,8 @@ int MAIN(int argc, char **argv)
 }
 /* Perform ECDSA verification test */
- ret=ECDSA_verify(EVP_PKEY_ECDSA, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
+ ret=ECDSA_verify(0, buf, 20, ecdsasig,
+ ecdsasiglen, ecdsa[j]);
 if (ret != 1)
 {
 BIO_printf(bio_err,"ECDSA verify failure. No ECDSA verify will be done.\n");
diff --git a/apps/x509.c b/apps/x509.c
index 67476e34cf..aa06462b9f 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -870,7 +870,7 @@ bad:
 digest=EVP_dss1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
- if (Upkey->type == EVP_PKEY_ECDSA)
+ if (Upkey->type == EVP_PKEY_EC)
 digest=EVP_ecdsa();
 #endif
@@ -894,7 +894,7 @@ bad:
 digest=EVP_dss1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
- if (CApkey->type == EVP_PKEY_ECDSA)
+ if (CApkey->type == EVP_PKEY_EC)
 digest = EVP_ecdsa();
 #endif
@@ -929,7 +929,7 @@ bad:
 digest=EVP_dss1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
- if (pk->type == EVP_PKEY_ECDSA)
+ if (pk->type == EVP_PKEY_EC)
 digest=EVP_ecdsa();
 #endif
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index e4d60eeb4d..10e9e414c5 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
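Review bot: In apps/speed.c the first argument of `ECDSA_sign` and `ECDSA_verify` is now a bare `0` sitting next to the bare digest length `20` (hunks at -1937, -1953 and -1974), so nothing at the call sites says what either literal stands for. If the type argument is not used by the ECDSA routines, which the switch from `EVP_PKEY_ECDSA` to `0` implies, say so once above the first call, e.g. `/* the type argument is not used by ECDSA_sign/ECDSA_verify */`, and give the 20-byte digest length a name. MAIN's body continues outside all three hunks.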
@@ -150,13 +150,13 @@ #define EVP_PK_RSA 0x0001 #define EVP_PK_DSA 0x0002 #define EVP_PK_DH 0x0004 -#define EVP_PK_ECDSA 0x0008 +#define EVP_PK_EC 0x0008 #define EVP_PKT_SIGN 0x0010 #define EVP_PKT_ENC 0x0020 #define EVP_PKT_EXCH 0x0040 #define EVP_PKS_RSA 0x0100 #define EVP_PKS_DSA 0x0200 -#define EVP_PKS_ECDSA 0x0400 +#define EVP_PKS_EC 0x0400 #define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ #define EVP_PKEY_NONE NID_undef @@ -169,7 +169,6 @@ #define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 #define EVP_PKEY_DH NID_dhKeyAgreement #define EVP_PKEY_EC NID_X9_62_id_ecPublicKey -#define EVP_PKEY_ECDSA EVP_PKEY_EC #ifdef __cplusplus extern "C" { @@ -310,7 +309,7 @@ struct env_md_st #ifndef OPENSSL_NO_ECDSA #define EVP_PKEY_ECDSA_method ECDSA_sign,ECDSA_verify, \ - {EVP_PKEY_ECDSA,0,0,0} + {EVP_PKEY_EC,0,0,0} #else #define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method #endif diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index 25f920201f..43200a91a8 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -83,7 +83,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) #ifndef OPENSSL_NO_EC EC_KEY *eckey = NULL; #endif -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) +#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) ASN1_INTEGER *privkey; ASN1_TYPE *t1, *t2, *param = NULL; STACK_OF(ASN1_TYPE) *n_stack = NULL; @@ -124,7 +124,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) EVP_PKEY_assign_RSA (pkey, rsa); break; #endif -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) +#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) case NID_ecdsa_with_SHA1: case NID_dsa: /* PKCS#8 DSA/ECDSA is weird: you just get a private key integer @@ -235,7 +235,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) } else /* nid == NID_ecdsa_with_SHA1 */ { -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC if ((eckey = d2i_ECParameters(NULL, &cp, plen)) == NULL) { 
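Review bot: In crypto/evp/evp_pkey.c the PKCS#8 import path still selects EC keys with `case NID_ecdsa_with_SHA1:` (hunk at -124, and the `/* nid == NID_ecdsa_with_SHA1 */` branch in the hunk at -235), while this commit makes `EVP_PKEY_EC`, which evp.h defines as `NID_X9_62_id_ecPublicKey`, the only key-type name. The guards now say "EC key" but the selector is a signature-algorithm identifier, so a key tagged with the public-key identifier would presumably not reach this branch; the switch expression is outside the hunks, so that needs confirming against the export side. At minimum add a comment above the case label such as `/* EC private keys are selected by NID_ecdsa_with_SHA1 here, not by EVP_PKEY_EC */`. EVP_PKCS82PKEY's body continues outside these hunks.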
@@ -350,8 +350,8 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
 break;
 #endif
-#ifndef OPENSSL_NO_ECDSA
- case EVP_PKEY_ECDSA:
+#ifndef OPENSSL_NO_EC
+ case EVP_PKEY_EC:
 if (!eckey_pkey2pkcs8(p8, pkey))
 {
 PKCS8_PRIV_KEY_INFO_free(p8);
@@ -529,7 +529,7 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
 q = p;
 if (!i2d_ECParameters(pkey->pkey.eckey, &q))
 {
- EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_ECDSA_LIB);
+ EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_EC_LIB);
 OPENSSL_free(p);
 return 0;
 }
@@ -703,7 +703,7 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
 &p8->pkey->value.octet_string->data,
 &p8->pkey->value.octet_string->length))
 {
- EVPerr(EVP_F_ECDSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
 sk_ASN1_TYPE_pop_free(neckey, ASN1_TYPE_free);
 return 0;
 }
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index ac0556b488..1056e4bffd 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -137,8 +137,8 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
 return(ret);
 }
 #endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_ECDSA)
+#ifndef OPENSSL_NO_EC
+ if (pkey->type == EVP_PKEY_EC)
 {
 int ret = pkey->save_parameters;
@@ -182,7 +182,7 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from)
 }
 #endif
 #ifndef OPENSSL_NO_EC
- if (to->type == EVP_PKEY_ECDSA)
+ if (to->type == EVP_PKEY_EC)
 {
 if (to->pkey.eckey->group != NULL)
 EC_GROUP_free(to->pkey.eckey->group);
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 8d5f48f73a..92a55f536a 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -83,7 +83,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo else if (strcmp(nm,PEM_STRING_DSA) == 0) ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len); else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0) - ret=d2i_PrivateKey(EVP_PKEY_ECDSA,x,&p,len); + ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len); else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) { PKCS8_PRIV_KEY_INFO *p8inf; p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index f589508fdd..1c0a9c9edf 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -629,7 +629,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) ctx_tmp.digest=EVP_dss1(); #endif #ifndef OPENSSL_NO_ECDSA - if (si->pkey->type == EVP_PKEY_ECDSA) + if (si->pkey->type == EVP_PKEY_EC) ctx_tmp.digest=EVP_ecdsa(); #endif @@ -830,7 +830,7 @@ for (ii=0; iitype == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1(); #endif #ifndef OPENSSL_NO_ECDSA - if (pkey->type == EVP_PKEY_ECDSA) mdc_tmp.digest=EVP_ecdsa(); + if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa(); #endif i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index b7c18cbf72..c913c59791 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -310,7 +310,7 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, int nid; char is_dsa; - if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_ECDSA) + if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC) is_dsa = 1; else is_dsa = 0; @@ -363,7 +363,7 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, #endif p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */ } - else if (nid == EVP_PKEY_ECDSA) + else if (nid == EVP_PKEY_EC) { p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1); if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) 
diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c
index 7673c1ba03..8eaf102480 100644
--- a/crypto/x509/x509type.c
+++ b/crypto/x509/x509type.c
@@ -86,8 +86,8 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
 case EVP_PKEY_DSA:
 ret=EVP_PK_DSA|EVP_PKT_SIGN;
 break;
- case EVP_PKEY_ECDSA:
- ret=EVP_PK_ECDSA|EVP_PKT_SIGN;
+ case EVP_PKEY_EC:
+ ret=EVP_PK_EC|EVP_PKT_SIGN|EVP_PKT_EXCH;
 break;
 case EVP_PKEY_DH:
 ret=EVP_PK_DH|EVP_PKT_EXCH;
@@ -105,8 +105,8 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
 case EVP_PKS_DSA:
 ret|=EVP_PKS_DSA;
 break;
- case EVP_PKS_ECDSA:
- ret|=EVP_PKS_ECDSA;
+ case EVP_PKS_EC:
+ ret|=EVP_PKS_EC;
 break;
 default:
 break;
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index a5588360e5..2e03a70fc7 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -526,10 +526,7 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
 }
 }
 #ifndef OPENSSL_NO_EC
- /* XXX: Structurally, there is no distinction between
- * ECDSA and ECDH public keys (both are ECPoints).
- * So EVP_PKEY_ECDSA should really be renamed EVP_PKEY_ECC
- * (or similar). As for ECC certificates, additional
+ /* As for ECC certificates, additional
 * information (e.g. in the optional key usage X509v3
 * extension) could be used when available to distinguish
 * between ECDH and ECDSA certificates. For now, we do not
@@ -537,7 +534,7 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
 * of checking for appropriate key usage to the SSL code
 * responsible for sending/processing ECC certificates.
 */
- else if (i == EVP_PKEY_ECDSA)
+ else if (i == EVP_PKEY_EC)
 {
 ret = SSL_PKEY_ECC;
 }
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 74e1e529f8..cb93c5a1ae 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1349,7 +1349,7 @@ static int ssl3_get_key_exchange(SSL *s)
 else
 #endif
 #ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_ECDSA)
+ if (pkey->type == EVP_PKEY_EC)
 {
 /* let's do ECDSA */
 EVP_VerifyInit_ex(&md_ctx,EVP_ecdsa(), NULL);
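Review bot: In crypto/x509/x509type.c (hunk at -86) the `EVP_PKEY_EC` case now returns `EVP_PK_EC|EVP_PKT_SIGN|EVP_PKT_EXCH`, which is a behaviour change rather than part of the rename the commit title describes: every EC certificate is reported as usable for key exchange as well as for signing. Nothing visible in the hunk consults the certificate's key usage before `EVP_PKT_EXCH` is set, so a caller that trusts this flag would treat a signing-only EC certificate as a key-agreement certificate. State the intent next to the case, e.g. `/* an EC key may be used for ECDSA or ECDH; key usage is not checked here */`, and mention the change in the commit message. X509_certificate_type's body continues outside the hunk.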
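Review bot: The second switch in crypto/x509/x509type.c (hunk at -105) uses the flag `EVP_PKS_EC` as its case label, and evp.h defines that name as the bit `0x0400`, the same value the case body ORs into `ret`. The switch expression is outside the hunk, but if it is a key or signature type like the `EVP_PKEY_*` labels of the first switch, this label can never match and the signed-with-EC bit is never set; the neighbouring `case EVP_PKS_DSA:` has the same shape. The label presumably should be a type constant, `case EVP_PKEY_EC:`, with `ret|=EVP_PKS_EC;` kept as the body.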
@@ -1907,7 +1907,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
 srvr_pub_pkey = X509_get_pubkey(s->session-> \
 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
 if ((srvr_pub_pkey == NULL) ||
- (srvr_pub_pkey->type != EVP_PKEY_ECDSA) ||
+ (srvr_pub_pkey->type != EVP_PKEY_EC) ||
 (srvr_pub_pkey->pkey.eckey == NULL))
 {
 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
@@ -2118,7 +2118,7 @@ static int ssl3_send_client_verify(SSL *s)
 else
 #endif
 #ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_ECDSA)
+ if (pkey->type == EVP_PKEY_EC)
 {
 if (!ECDSA_sign(pkey->save_type,
 &(data[MD5_DIGEST_LENGTH]),
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index d26790a017..4b374a9cd6 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1446,7 +1446,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
 else
 #endif
 #if !defined(OPENSSL_NO_ECDSA)
- if (pkey->type == EVP_PKEY_ECDSA)
+ if (pkey->type == EVP_PKEY_EC)
 {
 /* let's do ECDSA */
 EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
@@ -2001,7 +2001,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 }
 if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer))
 == NULL) ||
- (clnt_pub_pkey->type != EVP_PKEY_ECDSA))
+ (clnt_pub_pkey->type != EVP_PKEY_EC))
 {
 /* XXX: For now, we do not support client
 * authentication using ECDH certificates
@@ -2228,7 +2228,7 @@ static int ssl3_get_cert_verify(SSL *s)
 else
 #endif
 #ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_ECDSA)
+ if (pkey->type == EVP_PKEY_EC)
 {
 j=ECDSA_verify(pkey->save_type,
 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
-- 
2.25.1
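Review bot: In ssl/s3_srvr.c (hunk at -2001) the client certificate key passes the test once `clnt_pub_pkey->type` equals `EVP_PKEY_EC`, whereas the matching client-side test in ssl/s3_clnt.c (hunk at -1907) also rejects `srvr_pub_pkey->pkey.eckey == NULL`. The code that follows the condition is outside the hunk; if it dereferences `clnt_pub_pkey->pkey.eckey`, the server side should carry the same guard, `(clnt_pub_pkey->type != EVP_PKEY_EC) || (clnt_pub_pkey->pkey.eckey == NULL))`. ssl3_get_client_key_exchange's body continues outside the hunk.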