Skip to content

Commit fe4da3a

Browse files
dengertdengert
committed
pkcs11-tool.c - fix problem with duplince case statmente
Con in derive_ec_derive wasw rewritten to work with iOpenSSL 1.1.1 3.+
1 parent 39f3f9e commit fe4da3a

File tree

1 file changed

+31
-41
lines changed

1 file changed

+31
-41
lines changed

src/tools/pkcs11-tool.c

+31-41
Original file line numberDiff line numberDiff line change
@@ -5179,8 +5179,8 @@ derive_ec_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key, CK_MECHANISM_TYPE
51795179
unsigned char * der = NULL;
51805180
unsigned char * derp = NULL;
51815181
size_t der_size = 0;
5182-
EVP_PKEY *pkey = NULL;
5183-
int key_id = 0; /* nid of peer key */
5182+
EVP_PKEY *pkey = NULL; /* peer key */
5183+
int key_id = 0; /* nid of peer key must match nid of key */
51845184
#if OPENSSL_VERSION_NUMBER < 0x30000000L
51855185
EC_KEY *eckey = NULL;
51865186
const EC_GROUP *ecgroup = NULL;
@@ -5210,9 +5210,11 @@ derive_ec_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key, CK_MECHANISM_TYPE
52105210
util_fatal("Cannot read peer EC key from %s", opt_input);
52115211

52125212
key_id = EVP_PKEY_id(pkey);
5213+
if (key_id == 0)
5214+
util_fatal("Unknown key type of peer key");
52135215

52145216
switch (key_id) {
5215-
case EVP_PKEY_EC: /* CKK_EC*/
5217+
case EVP_PKEY_EC: /* CKK_EC need to get curves of pkey and key */
52165218

52175219
#if OPENSSL_VERSION_NUMBER < 0x30000000L
52185220
eckey = EVP_PKEY_get0_EC_KEY(pkey);
@@ -5230,26 +5232,37 @@ derive_ec_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key, CK_MECHANISM_TYPE
52305232
key_len = (EC_GROUP_get_degree(ecgroup) + 7) / 8;
52315233
FILL_ATTR(newkey_template[n_attrs], CKA_VALUE_LEN, &key_len, sizeof(key_len));
52325234
n_attrs++;
5233-
break;
5234-
}
52355235

5236-
if (opt_allowed_mechanisms_len > 0) {
5237-
FILL_ATTR(newkey_template[n_attrs],
5238-
CKA_ALLOWED_MECHANISMS, opt_allowed_mechanisms,
5239-
sizeof(CK_MECHANISM_TYPE) * opt_allowed_mechanisms_len);
5240-
n_attrs++;
5241-
}
5236+
if (opt_allowed_mechanisms_len > 0) {
5237+
FILL_ATTR(newkey_template[n_attrs],
5238+
CKA_ALLOWED_MECHANISMS, opt_allowed_mechanisms,
5239+
sizeof(CK_MECHANISM_TYPE) * opt_allowed_mechanisms_len);
5240+
n_attrs++;
5241+
}
52425242

52435243
#if OPENSSL_VERSION_NUMBER < 0x30000000L
5244-
switch (key_id) {
5245-
case EVP_PKEY_EC:
5246-
buf_size = EC_POINT_point2oct(ecgroup, ecpoint, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
5244+
buf_size = EC_POINT_point2oct(ecgroup, ecpoint, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
52475245
buf = (unsigned char *)malloc(buf_size);
52485246
if (buf == NULL)
5249-
util_fatal("malloc() failure\n");
5247+
util_fatal("malloc() failure\n");
52505248
buf_size = EC_POINT_point2oct(ecgroup, ecpoint, POINT_CONVERSION_UNCOMPRESSED, buf, buf_size, NULL);
5249+
#else
5250+
EC_GROUP_free(ecgroup);
5251+
EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0, &buf_size);
5252+
if ((buf = (unsigned char *)malloc(buf_size)) == NULL)
5253+
util_fatal("malloc() failure\n");
5254+
5255+
if (EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, buf, buf_size, NULL) != 1) {
5256+
free(buf);
5257+
util_fatal("Failed to parse other EC key from %s", opt_input);
5258+
}
5259+
#endif
5260+
if (mech_mech != CKM_ECDH1_DERIVE && mech_mech != CKM_ECDH1_COFACTOR_DERIVE)
5261+
util_fatal("Peer key %s not usable with %s", "CKK_EC", p11_mechanism_to_name(mech_mech));
52515262
break;
5252-
case EVP_PKEY_X25519:
5263+
5264+
#if defined(EVP_PKEY_X25519)
5265+
case EVP_PKEY_X25519: /* "CKK_EC_MONTGOMERY */
52535266
#if defined(EVP_PKEY_X448)
52545267
case EVP_PKEY_X448:
52555268
#endif
@@ -5260,34 +5273,11 @@ derive_ec_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key, CK_MECHANISM_TYPE
52605273
if (buf == NULL)
52615274
util_fatal("malloc() failure\n");
52625275
EVP_PKEY_get_raw_public_key(pkey, buf, &buf_size);
5263-
break;
5264-
default:
5265-
util_fatal("Unknown EVP_PKEY_id\n");
5266-
}
5267-
#else
5268-
EC_GROUP_free(ecgroup);
5269-
EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0, &buf_size);
5270-
if ((buf = (unsigned char *)malloc(buf_size)) == NULL)
5271-
util_fatal("malloc() failure\n");
5272-
5273-
if (EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, buf, buf_size, NULL) != 1) {
5274-
free(buf);
5275-
util_fatal("Failed to parse peer EC key from %s", opt_input);
5276-
}
5277-
#endif
5278-
5279-
switch (key_id) {
5280-
case EVP_PKEY_EC: /* CKK_EC*/
5281-
if (mech_mech != CKM_ECDH1_DERIVE && mech_mech != CKM_ECDH1_COFACTOR_DERIVE)
5282-
util_fatal("Peer key %s not usable with %s", "CKK_EC", p11_mechanism_to_name(mech_mech));
5283-
break;
5284-
case EVP_PKEY_X25519: /* "CKK_EC_MONTGOMERY */
5285-
#if defined(EVP_PKEY_X448)
5286-
case EVP_PKEY_X448:
5287-
#endif
5276+
52885277
if (mech_mech != CKM_ECDH1_DERIVE)
52895278
util_fatal("Peer key %s not usable with %s", "CKK_EC_MONTGOMERY", p11_mechanism_to_name(mech_mech));
52905279
break;
5280+
#endif /* defined(EVP_PKEY_X25519) */
52915281
default:
52925282
util_fatal("Peer key not usable with derive or unknown %i", key_id);
52935283
break;

0 commit comments

Comments
 (0)