Gitweb links:
...log
http://git.netsurf-browser.org/netsurf.git/shortlog/a9eecb30a70c3c68f5383b2ec897e3131ef2124e
...commit
http://git.netsurf-browser.org/netsurf.git/commit/a9eecb30a70c3c68f5383b2ec897e3131ef2124e
...tree
http://git.netsurf-browser.org/netsurf.git/tree/a9eecb30a70c3c68f5383b2ec897e3131ef2124e
The branch, master has been updated
via a9eecb30a70c3c68f5383b2ec897e3131ef2124e (commit)
via 09b39f2dc7c067d6e63bad7d11eb71239951cb07 (commit)
via cd7ed847d4ba10f1dd8e987df4b42037f55e1435 (commit)
via 2c42b1898c2dcd8a81bb226a56097f3493a67aec (commit)
from 6f99d28488c0eb39722079340864563318c7ef6b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commitdiff
http://git.netsurf-browser.org/netsurf.git/commit/?id=a9eecb30a70c3c68f5383b2ec897e3131ef2124e
commit a9eecb30a70c3c68f5383b2ec897e3131ef2124e
Author: John-Mark Bell <[email protected]>
Commit: John-Mark Bell <[email protected]>
About/Cert: get EC key details using OpenSSL 3 APIs
Replace the fetching and poking around inside the low-level EC
object with appropriate calls to EVP_PKEY_get_(octet|utf8)_string_param()
and add a compatibility layer for old versions of OpenSSL.
diff --git a/content/fetchers/about/certificate.c
b/content/fetchers/about/certificate.c
index 70487ee..554f06e 100644
--- a/content/fetchers/about/certificate.c
+++ b/content/fetchers/about/certificate.c
@@ -198,6 +198,104 @@ static int ns_EVP_PKEY_get_bn_param(const EVP_PKEY *pkey,
return (result != NULL) ? 1 : 0;
}
+
+static int ns_EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey,
+ const char *key_name, char *str, size_t max_len,
+ size_t *out_len)
+{
+ const EC_GROUP *ecgroup;
+ const char *group;
+ EC_KEY *ec;
+ int ret = 0;
+
+ if (pkey == NULL || key_name == NULL)
+ return 0;
+
+ /* Only support EC keys */
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
+ return 0;
+
+ /* Only support fetching the group */
+ if (strcmp(key_name, "group") != 0)
+ return 0;
+
+ ec = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) pkey);
+
+ ecgroup = EC_KEY_get0_group(ec);
+ if (ecgroup == NULL) {
+ group = "";
+ } else {
+ group = OBJ_nid2ln(EC_GROUP_get_curve_name(ecgroup));
+ }
+
+ if (str != NULL && max_len > strlen(group)) {
+ strcpy(str, group);
+ str[strlen(group)] = '\0';
+ ret = 1;
+ }
+ if (out_len != NULL)
+ *out_len = strlen(group);
+
+ EC_KEY_free(ec);
+
+ return ret;
+}
+
+static int ns_EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey,
+ const char *key_name, unsigned char *buf, size_t max_len,
+ size_t *out_len)
+{
+ const EC_GROUP *ecgroup;
+ const EC_POINT *ecpoint;
+ size_t len;
+ BN_CTX *bnctx;
+ EC_KEY *ec;
+ int ret = 0;
+
+ if (pkey == NULL || key_name == NULL)
+ return 0;
+
+ /* Only support EC keys */
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
+ return 0;
+
+ if (strcmp(key_name, "encoded-pub-key") != 0)
+ return 0;
+
+ ec = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) pkey);
+ if (ec == NULL)
+ return 0;
+
+ ecgroup = EC_KEY_get0_group(ec);
+ if (ecgroup != NULL) {
+ ecpoint = EC_KEY_get0_public_key(ec);
+ if (ecpoint != NULL) {
+ bnctx = BN_CTX_new();
+ len = EC_POINT_point2oct(ecgroup,
+ ecpoint,
+ POINT_CONVERSION_UNCOMPRESSED,
+ NULL,
+ 0,
+ bnctx);
+ if (len != 0 && len <= max_len) {
+ if (EC_POINT_point2oct(ecgroup,
+ ecpoint,
+
POINT_CONVERSION_UNCOMPRESSED,
+ buf,
+ len,
+ bnctx) == len)
+ ret = 1;
+ }
+ if (out_len != NULL)
+ *out_len = len;
+ BN_CTX_free(bnctx);
+ }
+ }
+
+ EC_KEY_free(ec);
+
+ return ret;
+}
#elif (OPENSSL_VERSION_NUMBER < 0x1010100fL)
/* 1.1.0 */
#define ns_X509_get_signature_nid X509_get_signature_nid
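Review bot: In the added ns_EVP_PKEY_get_utf8_string_param, the result of `EVP_PKEY_get1_EC_KEY()` goes straight into `EC_KEY_get0_group(ec)` with no NULL check, whereas the sibling ns_EVP_PKEY_get_octet_string_param in this same hunk does `if (ec == NULL) return 0;`; the same guard belongs after the get1 call here. The pointer returned by `OBJ_nid2ln()` is also passed to `strlen(group)` unchecked; it can presumably be NULL for a NID the object table does not know, so `if (group == NULL) group = "";` would keep the certificate viewer from dereferencing NULL on an unusual server-supplied key. The `str[strlen(group)] = '\0';` after `strcpy()` is redundant. The same code is repeated in the hunks at -254,6 +352,104 and -294,6 +490,104.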
@@ -254,6 +352,104 @@ static int ns_EVP_PKEY_get_bn_param(const EVP_PKEY *pkey,
return (result != NULL) ? 1 : 0;
}
+
+static int ns_EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey,
+ const char *key_name, char *str, size_t max_len,
+ size_t *out_len)
+{
+ const EC_GROUP *ecgroup;
+ const char *group;
+ EC_KEY *ec;
+ int ret = 0;
+
+ if (pkey == NULL || key_name == NULL)
+ return 0;
+
+ /* Only support EC keys */
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
+ return 0;
+
+ /* Only support fetching the group */
+ if (strcmp(key_name, "group") != 0)
+ return 0;
+
+ ec = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) pkey);
+
+ ecgroup = EC_KEY_get0_group(ec);
+ if (ecgroup == NULL) {
+ group = "";
+ } else {
+ group = OBJ_nid2ln(EC_GROUP_get_curve_name(ecgroup));
+ }
+
+ if (str != NULL && max_len > strlen(group)) {
+ strcpy(str, group);
+ str[strlen(group)] = '\0';
+ ret = 1;
+ }
+ if (out_len != NULL)
+ *out_len = strlen(group);
+
+ EC_KEY_free(ec);
+
+ return ret;
+}
+
+static int ns_EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey,
+ const char *key_name, unsigned char *buf, size_t max_len,
+ size_t *out_len)
+{
+ const EC_GROUP *ecgroup;
+ const EC_POINT *ecpoint;
+ size_t len;
+ BN_CTX *bnctx;
+ EC_KEY *ec;
+ int ret = 0;
+
+ if (pkey == NULL || key_name == NULL)
+ return 0;
+
+ /* Only support EC keys */
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
+ return 0;
+
+ if (strcmp(key_name, "encoded-pub-key") != 0)
+ return 0;
+
+ ec = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) pkey);
+ if (ec == NULL)
+ return 0;
+
+ ecgroup = EC_KEY_get0_group(ec);
+ if (ecgroup != NULL) {
+ ecpoint = EC_KEY_get0_public_key(ec);
+ if (ecpoint != NULL) {
+ bnctx = BN_CTX_new();
+ len = EC_POINT_point2oct(ecgroup,
+ ecpoint,
+ POINT_CONVERSION_UNCOMPRESSED,
+ NULL,
+ 0,
+ bnctx);
+ if (len != 0 && len <= max_len) {
+ if (EC_POINT_point2oct(ecgroup,
+ ecpoint,
+
POINT_CONVERSION_UNCOMPRESSED,
+ buf,
+ len,
+ bnctx) == len)
+ ret = 1;
+ }
+ if (out_len != NULL)
+ *out_len = len;
+ BN_CTX_free(bnctx);
+ }
+ }
+
+ EC_KEY_free(ec);
+
+ return ret;
+}
#elif (OPENSSL_VERSION_NUMBER < 0x30000000L)
/* 1.1.1 */
#define ns_X509_get_signature_nid X509_get_signature_nid
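Review bot: The two shim functions added in this hunk appear to be line-for-line copies of the ones added in the previous hunk and again in the next one (-294,6 +490,104), so every later fix has to be made three times and the copies can drift apart. Neither function uses any of the per-version `ns_` wrappers, so they could be defined once under a single `#if (OPENSSL_VERSION_NUMBER < 0x30000000L)` block placed after the version ladder, leaving only the two `#define` aliases in the 3.x branch. That also gives one place to hang a comment stating that the shims support only EC keys and only the "group" and "encoded-pub-key" names.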
@@ -294,6 +490,104 @@ static int ns_EVP_PKEY_get_bn_param(const EVP_PKEY *pkey,
return (result != NULL) ? 1 : 0;
}
+
+static int ns_EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey,
+ const char *key_name, char *str, size_t max_len,
+ size_t *out_len)
+{
+ const EC_GROUP *ecgroup;
+ const char *group;
+ EC_KEY *ec;
+ int ret = 0;
+
+ if (pkey == NULL || key_name == NULL)
+ return 0;
+
+ /* Only support EC keys */
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
+ return 0;
+
+ /* Only support fetching the group */
+ if (strcmp(key_name, "group") != 0)
+ return 0;
+
+ ec = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) pkey);
+
+ ecgroup = EC_KEY_get0_group(ec);
+ if (ecgroup == NULL) {
+ group = "";
+ } else {
+ group = OBJ_nid2ln(EC_GROUP_get_curve_name(ecgroup));
+ }
+
+ if (str != NULL && max_len > strlen(group)) {
+ strcpy(str, group);
+ str[strlen(group)] = '\0';
+ ret = 1;
+ }
+ if (out_len != NULL)
+ *out_len = strlen(group);
+
+ EC_KEY_free(ec);
+
+ return ret;
+}
+
+static int ns_EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey,
+ const char *key_name, unsigned char *buf, size_t max_len,
+ size_t *out_len)
+{
+ const EC_GROUP *ecgroup;
+ const EC_POINT *ecpoint;
+ size_t len;
+ BN_CTX *bnctx;
+ EC_KEY *ec;
+ int ret = 0;
+
+ if (pkey == NULL || key_name == NULL)
+ return 0;
+
+ /* Only support EC keys */
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
+ return 0;
+
+ if (strcmp(key_name, "encoded-pub-key") != 0)
+ return 0;
+
+ ec = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) pkey);
+ if (ec == NULL)
+ return 0;
+
+ ecgroup = EC_KEY_get0_group(ec);
+ if (ecgroup != NULL) {
+ ecpoint = EC_KEY_get0_public_key(ec);
+ if (ecpoint != NULL) {
+ bnctx = BN_CTX_new();
+ len = EC_POINT_point2oct(ecgroup,
+ ecpoint,
+ POINT_CONVERSION_UNCOMPRESSED,
+ NULL,
+ 0,
+ bnctx);
+ if (len != 0 && len <= max_len) {
+ if (EC_POINT_point2oct(ecgroup,
+ ecpoint,
+
POINT_CONVERSION_UNCOMPRESSED,
+ buf,
+ len,
+ bnctx) == len)
+ ret = 1;
+ }
+ if (out_len != NULL)
+ *out_len = len;
+ BN_CTX_free(bnctx);
+ }
+ }
+
+ EC_KEY_free(ec);
+
+ return ret;
+}
#else
/* 3.x and later */
#define ns_X509_get_signature_nid X509_get_signature_nid
@@ -301,6 +595,8 @@ static int ns_EVP_PKEY_get_bn_param(const EVP_PKEY *pkey,
#define ns_RSA_get0_n RSA_get0_n
#define ns_RSA_get0_e RSA_get0_e
#define ns_EVP_PKEY_get_bn_param EVP_PKEY_get_bn_param
+#define ns_EVP_PKEY_get_octet_string_param EVP_PKEY_get_octet_string_param
+#define ns_EVP_PKEY_get_utf8_string_param EVP_PKEY_get_utf8_string_param
#endif
/**
@@ -538,43 +834,43 @@ dh_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey)
static nserror
ec_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey)
{
- const EC_GROUP *ecgroup;
- const EC_POINT *ecpoint;
- BN_CTX *bnctx;
- char *ecpoint_hex;
- EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
-
- if (ec == NULL) {
- return NSERROR_BAD_PARAMETER;
- }
+ size_t len;
ikey->algor = strdup("Elliptic Curve");
ikey->size = EVP_PKEY_bits(pkey);
- ecgroup = EC_KEY_get0_group(ec);
-
- if (ecgroup != NULL) {
- ikey->curve =
strdup(OBJ_nid2ln(EC_GROUP_get_curve_name(ecgroup)));
+ len = 0;
+ ns_EVP_PKEY_get_utf8_string_param(pkey, "group", NULL, 0, &len);
+ if (len != 0) {
+ ikey->curve = malloc(len + 1);
+ if (ikey->curve != NULL) {
+ if (ns_EVP_PKEY_get_utf8_string_param(pkey, "group",
+ ikey->curve, len + 1, NULL) == 0) {
+ free(ikey->curve);
+ ikey->curve = NULL;
+ }
+ }
+ }
- ecpoint = EC_KEY_get0_public_key(ec);
- if (ecpoint != NULL) {
- bnctx = BN_CTX_new();
- ecpoint_hex = EC_POINT_point2hex(ecgroup,
- ecpoint,
-
POINT_CONVERSION_UNCOMPRESSED,
- bnctx);
- ikey->public = hexdup(ecpoint_hex);
- OPENSSL_free(ecpoint_hex);
- BN_CTX_free(bnctx);
+ len = 0;
+ ns_EVP_PKEY_get_octet_string_param(pkey, "encoded-pub-key",
+ NULL, 0, &len);
+ if (len != 0) {
+ unsigned char *point = malloc(len);
+ if (point != NULL) {
+ if (ns_EVP_PKEY_get_octet_string_param(pkey,
+ "encoded-pub-key", point, len,
+ NULL) == 1) {
+ ikey->public = bindup(point, len);
+ }
+ free(point);
}
}
- EC_KEY_free(ec);
return NSERROR_OK;
}
-
/**
* extract public key information to info structure
*
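Review bot: ec_to_info now returns NSERROR_OK on every path: a failed `malloc()` for the curve name or the point buffer, or a failed second `ns_EVP_PKEY_get_*_param()` call, only leaves `ikey->curve` / `ikey->public` unset, where the removed code returned NSERROR_BAD_PARAMETER when the EC key could not be obtained. If best-effort display is intended, a comment such as `/* best effort: curve/public are left unset if unavailable */` above the first `len = 0;` would make that explicit; otherwise the allocation failures should return `NSERROR_NOMEM`. `bindup()` is declared with an `unsigned int binlen` in a hunk header elsewhere on this page, so the `size_t len` is narrowed at `bindup(point, len)`; harmless for EC point sizes, but a cast would document it.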
commitdiff
http://git.netsurf-browser.org/netsurf.git/commit/?id=09b39f2dc7c067d6e63bad7d11eb71239951cb07
commit 09b39f2dc7c067d6e63bad7d11eb71239951cb07
Author: John-Mark Bell <[email protected]>
Commit: John-Mark Bell <[email protected]>
About/Cert: get RSA n/e using OpenSSL 3 APIs
Replace the fetching and poking around inside the low-level RSA
object with appropriate calls to EVP_PKEY_get_bn_param() and
add a compatibility layer for old versions of OpenSSL.
diff --git a/content/fetchers/about/certificate.c
b/content/fetchers/about/certificate.c
index e946e38..70487ee 100644
--- a/content/fetchers/about/certificate.c
+++ b/content/fetchers/about/certificate.c
@@ -165,6 +165,39 @@ static const BIGNUM *ns_RSA_get0_e(const RSA *d)
return d->e;
}
+static int ns_EVP_PKEY_get_bn_param(const EVP_PKEY *pkey,
+ const char *key_name, BIGNUM **bn) {
+ RSA *rsa;
+ BIGNUM *result = NULL;
+
+ /* Check parameters: only support allocation-form *bn */
+ if (pkey == NULL || key_name == NULL || bn == NULL || *bn != NULL)
+ return 0;
+
+ /* Only support RSA keys */
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA)
+ return 0;
+
+ rsa = EVP_PKEY_get1_RSA((EVP_PKEY *) pkey);
+ if (rsa == NULL)
+ return 0;
+
+ if (strcmp(key_name, "n") == 0) {
+ const BIGNUM *n = ns_RSA_get0_n(rsa);
+ if (n != NULL)
+ result = BN_dup(n);
+ } else if (strcmp(key_name, "e") == 0) {
+ const BIGNUM *e = ns_RSA_get0_e(rsa);
+ if (e != NULL)
+ result = BN_dup(e);
+ }
+
+ RSA_free(rsa);
+
+ *bn = result;
+
+ return (result != NULL) ? 1 : 0;
+}
#elif (OPENSSL_VERSION_NUMBER < 0x1010100fL)
/* 1.1.0 */
#define ns_X509_get_signature_nid X509_get_signature_nid
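Review bot: ns_EVP_PKEY_get_bn_param is added without a header comment, and its contract is narrower than the OpenSSL 3 function it stands in for: it accepts only RSA keys, only the names "n" and "e", and only a `*bn` that is NULL on entry, and it hands back a `BN_dup()` copy. A short comment above the function should say so and state ownership, for example `/* Compat shim for EVP_PKEY_get_bn_param(): RSA "n"/"e" only, *bn must be NULL on entry, caller releases the result with BN_free() */`. The two further copies added in the next hunk (-188,12 +221,86) want the same comment.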
@@ -188,12 +221,86 @@ static const BIGNUM *ns_RSA_get0_e(const RSA *r)
return e;
}
+static int ns_EVP_PKEY_get_bn_param(const EVP_PKEY *pkey,
+ const char *key_name, BIGNUM **bn) {
+ RSA *rsa;
+ BIGNUM *result = NULL;
+
+ /* Check parameters: only support allocation-form *bn */
+ if (pkey == NULL || key_name == NULL || bn == NULL || *bn != NULL)
+ return 0;
+
+ /* Only support RSA keys */
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA)
+ return 0;
+
+ rsa = EVP_PKEY_get1_RSA((EVP_PKEY *) pkey);
+ if (rsa == NULL)
+ return 0;
+
+ if (strcmp(key_name, "n") == 0) {
+ const BIGNUM *n = ns_RSA_get0_n(rsa);
+ if (n != NULL)
+ result = BN_dup(n);
+ } else if (strcmp(key_name, "e") == 0) {
+ const BIGNUM *e = ns_RSA_get0_e(rsa);
+ if (e != NULL)
+ result = BN_dup(e);
+ }
+
+ RSA_free(rsa);
+
+ *bn = result;
+
+ return (result != NULL) ? 1 : 0;
+}
+#elif (OPENSSL_VERSION_NUMBER < 0x30000000L)
+/* 1.1.1 */
+#define ns_X509_get_signature_nid X509_get_signature_nid
+#define ns_ASN1_STRING_get0_data ASN1_STRING_get0_data
+#define ns_RSA_get0_n RSA_get0_n
+#define ns_RSA_get0_e RSA_get0_e
+
+static int ns_EVP_PKEY_get_bn_param(const EVP_PKEY *pkey,
+ const char *key_name, BIGNUM **bn) {
+ RSA *rsa;
+ BIGNUM *result = NULL;
+
+ /* Check parameters: only support allocation-form *bn */
+ if (pkey == NULL || key_name == NULL || bn == NULL || *bn != NULL)
+ return 0;
+
+ /* Only support RSA keys */
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA)
+ return 0;
+
+ rsa = EVP_PKEY_get1_RSA((EVP_PKEY *) pkey);
+ if (rsa == NULL)
+ return 0;
+
+ if (strcmp(key_name, "n") == 0) {
+ const BIGNUM *n = ns_RSA_get0_n(rsa);
+ if (n != NULL)
+ result = BN_dup(n);
+ } else if (strcmp(key_name, "e") == 0) {
+ const BIGNUM *e = ns_RSA_get0_e(rsa);
+ if (e != NULL)
+ result = BN_dup(e);
+ }
+
+ RSA_free(rsa);
+
+ *bn = result;
+
+ return (result != NULL) ? 1 : 0;
+}
#else
-/* 1.1.1 and later */
+/* 3.x and later */
#define ns_X509_get_signature_nid X509_get_signature_nid
#define ns_ASN1_STRING_get0_data ASN1_STRING_get0_data
#define ns_RSA_get0_n RSA_get0_n
#define ns_RSA_get0_e RSA_get0_e
+#define ns_EVP_PKEY_get_bn_param EVP_PKEY_get_bn_param
#endif
/**
@@ -350,10 +457,15 @@ static char *bindup(unsigned char *bin, unsigned int
binlen)
static nserror
rsa_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey)
{
- RSA *rsa = EVP_PKEY_get1_RSA(pkey);
+ BIGNUM *n = NULL, *e = NULL;
char *tmp;
- if (rsa == NULL) {
+ if (ns_EVP_PKEY_get_bn_param(pkey, "n", &n) != 1) {
+ return NSERROR_BAD_PARAMETER;
+ }
+
+ if (ns_EVP_PKEY_get_bn_param(pkey, "e", &e) != 1) {
+ BN_free(n);
return NSERROR_BAD_PARAMETER;
}
@@ -361,19 +473,20 @@ rsa_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey)
ikey->size = EVP_PKEY_bits(pkey);
- tmp = BN_bn2hex(ns_RSA_get0_n(rsa));
+ tmp = BN_bn2hex(n);
if (tmp != NULL) {
ikey->modulus = hexdup(tmp);
OPENSSL_free(tmp);
}
- tmp = BN_bn2dec(ns_RSA_get0_e(rsa));
+ tmp = BN_bn2dec(e);
if (tmp != NULL) {
ikey->exponent = strdup(tmp);
OPENSSL_free(tmp);
}
- RSA_free(rsa);
+ BN_free(e);
+ BN_free(n);
return NSERROR_OK;
}
commitdiff
http://git.netsurf-browser.org/netsurf.git/commit/?id=cd7ed847d4ba10f1dd8e987df4b42037f55e1435
commit cd7ed847d4ba10f1dd8e987df4b42037f55e1435
Author: John-Mark Bell <[email protected]>
Commit: John-Mark Bell <[email protected]>
About/Cert: use EVP_PKEY_bits to get key size
diff --git a/content/fetchers/about/certificate.c
b/content/fetchers/about/certificate.c
index a92575a..e946e38 100644
--- a/content/fetchers/about/certificate.c
+++ b/content/fetchers/about/certificate.c
@@ -165,21 +165,6 @@ static const BIGNUM *ns_RSA_get0_e(const RSA *d)
return d->e;
}
-static int ns_RSA_bits(const RSA *rsa)
-{
- return RSA_size(rsa) * 8;
-}
-
-static int ns_DSA_bits(const DSA *dsa)
-{
- return DSA_size(dsa) * 8;
-}
-
-static int ns_DH_bits(const DH *dh)
-{
- return DH_size(dh) * 8;
-}
-
#elif (OPENSSL_VERSION_NUMBER < 0x1010100fL)
/* 1.1.0 */
#define ns_X509_get_signature_nid X509_get_signature_nid
@@ -203,19 +188,12 @@ static const BIGNUM *ns_RSA_get0_e(const RSA *r)
return e;
}
-#define ns_RSA_bits RSA_bits
-#define ns_DSA_bits DSA_bits
-#define ns_DH_bits DH_bits
-
#else
/* 1.1.1 and later */
#define ns_X509_get_signature_nid X509_get_signature_nid
#define ns_ASN1_STRING_get0_data ASN1_STRING_get0_data
#define ns_RSA_get0_n RSA_get0_n
#define ns_RSA_get0_e RSA_get0_e
-#define ns_RSA_bits RSA_bits
-#define ns_DSA_bits DSA_bits
-#define ns_DH_bits DH_bits
#endif
/**
@@ -381,7 +359,7 @@ rsa_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey)
ikey->algor = strdup("RSA");
- ikey->size = ns_RSA_bits(rsa);
+ ikey->size = EVP_PKEY_bits(pkey);
tmp = BN_bn2hex(ns_RSA_get0_n(rsa));
if (tmp != NULL) {
@@ -411,17 +389,9 @@ rsa_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey)
static nserror
dsa_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey)
{
- DSA *dsa = EVP_PKEY_get1_DSA(pkey);
-
- if (dsa == NULL) {
- return NSERROR_BAD_PARAMETER;
- }
-
ikey->algor = strdup("DSA");
- ikey->size = ns_DSA_bits(dsa);
-
- DSA_free(dsa);
+ ikey->size = EVP_PKEY_bits(pkey);
return NSERROR_OK;
}
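Review bot: `ikey->size = EVP_PKEY_bits(pkey);` stores the result unchecked, and with the `EVP_PKEY_get1_DSA()` NULL test removed dsa_to_info can no longer report any failure. As far as I know EVP_PKEY_bits() returns 0 when the size is not available, so a key it cannot size would be shown as a 0-bit key alongside NSERROR_OK; a guard such as `if (EVP_PKEY_bits(pkey) <= 0) return NSERROR_BAD_PARAMETER;` before the assignment keeps the old failure signal. The same applies to dh_to_info in the next hunk (-437,17 +407,9).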
@@ -437,17 +407,9 @@ dsa_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey)
static nserror
dh_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey)
{
- DH *dh = EVP_PKEY_get1_DH(pkey);
-
- if (dh == NULL) {
- return NSERROR_BAD_PARAMETER;
- }
-
ikey->algor = strdup("Diffie Hellman");
- ikey->size = ns_DH_bits(dh);
-
- DH_free(dh);
+ ikey->size = EVP_PKEY_bits(pkey);
return NSERROR_OK;
}
@@ -475,11 +437,11 @@ ec_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey)
ikey->algor = strdup("Elliptic Curve");
+ ikey->size = EVP_PKEY_bits(pkey);
+
ecgroup = EC_KEY_get0_group(ec);
if (ecgroup != NULL) {
- ikey->size = EC_GROUP_get_degree(ecgroup);
-
ikey->curve =
strdup(OBJ_nid2ln(EC_GROUP_get_curve_name(ecgroup)));
ecpoint = EC_KEY_get0_public_key(ec);
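Review bot: Replacing `EC_GROUP_get_degree(ecgroup)` with `EVP_PKEY_bits(pkey)` for `ikey->size` is not guaranteed to be a no-op: the first is the degree of the underlying field, while OpenSSL's EC backend for EVP_PKEY_bits() reports, I believe, the bit length of the group order. The two agree on the common NIST prime curves but can differ on others, so the key size shown on the certificate page may change for some certificates; a comment on the new line, e.g. `/* size as reported by OpenSSL (group order bits for EC) */`, would record which quantity is displayed. The assignment now also happens when `ecgroup` is NULL. ec_to_info continues past the end of this hunk.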
commitdiff
http://git.netsurf-browser.org/netsurf.git/commit/?id=2c42b1898c2dcd8a81bb226a56097f3493a67aec
commit 2c42b1898c2dcd8a81bb226a56097f3493a67aec
Author: John-Mark Bell <[email protected]>
Commit: John-Mark Bell <[email protected]>
About/Cert: contain pkey inspection in type methods
Use of the low-level key types is deprecated in OpenSSL 3. Prepare
to stop using them by removing them from function calls.
diff --git a/content/fetchers/about/certificate.c
b/content/fetchers/about/certificate.c
index 0d0d6f5..a92575a 100644
--- a/content/fetchers/about/certificate.c
+++ b/content/fetchers/about/certificate.c
@@ -365,13 +365,14 @@ static char *bindup(unsigned char *bin, unsigned int
binlen)
/**
* extract RSA key information to info structure
*
- * \param rsa The RSA key to examine. The reference is dropped on return
+ * \param pkey The RSA key to examine.
* \param ikey The public key info structure to fill
* \rerun NSERROR_OK on success else error code.
*/
static nserror
-rsa_to_info(RSA *rsa, struct ns_cert_pkey *ikey)
+rsa_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey)
{
+ RSA *rsa = EVP_PKEY_get1_RSA(pkey);
char *tmp;
if (rsa == NULL) {
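Review bot: The doc comment edited here still carries `\rerun NSERROR_OK on success else error code.`, which is not a Doxygen command, so the return value goes undocumented; since the `\param` line is being rewritten anyway, change it to `\return NSERROR_OK on success else error code.`. The same typo sits in the dsa_to_info, dh_to_info and ec_to_info comment blocks touched by the next three hunks. With `EVP_PKEY_get1_RSA()` now called inside the function, the comment could also note that the function takes and releases its own reference; the body runs past the end of this hunk, so the release itself is not visible here.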
@@ -403,13 +404,15 @@ rsa_to_info(RSA *rsa, struct ns_cert_pkey *ikey)
/**
* extract DSA key information to info structure
*
- * \param dsa The RSA key to examine. The reference is dropped on return
+ * \param pkey The DSA key to examine.
* \param ikey The public key info structure to fill
* \rerun NSERROR_OK on success else error code.
*/
static nserror
-dsa_to_info(DSA *dsa, struct ns_cert_pkey *ikey)
+dsa_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey)
{
+ DSA *dsa = EVP_PKEY_get1_DSA(pkey);
+
if (dsa == NULL) {
return NSERROR_BAD_PARAMETER;
}
@@ -427,13 +430,15 @@ dsa_to_info(DSA *dsa, struct ns_cert_pkey *ikey)
/**
* extract DH key information to info structure
*
- * \param dsa The RSA key to examine. The reference is dropped on return
+ * \param pkey The DH key to examine.
* \param ikey The public key info structure to fill
* \rerun NSERROR_OK on success else error code.
*/
static nserror
-dh_to_info(DH *dh, struct ns_cert_pkey *ikey)
+dh_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey)
{
+ DH *dh = EVP_PKEY_get1_DH(pkey);
+
if (dh == NULL) {
return NSERROR_BAD_PARAMETER;
}
@@ -451,17 +456,18 @@ dh_to_info(DH *dh, struct ns_cert_pkey *ikey)
/**
* extract EC key information to info structure
*
- * \param ec The EC key to examine. The reference is dropped on return
+ * \param pkey The EC key to examine.
* \param ikey The public key info structure to fill
* \rerun NSERROR_OK on success else error code.
*/
static nserror
-ec_to_info(EC_KEY *ec, struct ns_cert_pkey *ikey)
+ec_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey)
{
const EC_GROUP *ecgroup;
const EC_POINT *ecpoint;
BN_CTX *bnctx;
char *ecpoint_hex;
+ EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
if (ec == NULL) {
return NSERROR_BAD_PARAMETER;
@@ -512,19 +518,19 @@ pkey_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey)
switch (EVP_PKEY_base_id(pkey)) {
case EVP_PKEY_RSA:
- res = rsa_to_info(EVP_PKEY_get1_RSA(pkey), ikey);
+ res = rsa_to_info(pkey, ikey);
break;
case EVP_PKEY_DSA:
- res = dsa_to_info(EVP_PKEY_get1_DSA(pkey), ikey);
+ res = dsa_to_info(pkey, ikey);
break;
case EVP_PKEY_DH:
- res = dh_to_info(EVP_PKEY_get1_DH(pkey), ikey);
+ res = dh_to_info(pkey, ikey);
break;
case EVP_PKEY_EC:
- res = ec_to_info(EVP_PKEY_get1_EC_KEY(pkey), ikey);
+ res = ec_to_info(pkey, ikey);
break;
default:
-----------------------------------------------------------------------
Summary of changes:
content/fetchers/about/certificate.c | 521 +++++++++++++++++++++++++++++-----
1 file changed, 449 insertions(+), 72 deletions(-)
diff --git a/content/fetchers/about/certificate.c
b/content/fetchers/about/certificate.c
index 0d0d6f5..554f06e 100644
--- a/content/fetchers/about/certificate.c
+++ b/content/fetchers/about/certificate.c
@@ -165,21 +165,137 @@ static const BIGNUM *ns_RSA_get0_e(const RSA *d)
return d->e;
}
-static int ns_RSA_bits(const RSA *rsa)
-{
- return RSA_size(rsa) * 8;
+static int ns_EVP_PKEY_get_bn_param(const EVP_PKEY *pkey,
+ const char *key_name, BIGNUM **bn) {
+ RSA *rsa;
+ BIGNUM *result = NULL;
+
+ /* Check parameters: only support allocation-form *bn */
+ if (pkey == NULL || key_name == NULL || bn == NULL || *bn != NULL)
+ return 0;
+
+ /* Only support RSA keys */
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA)
+ return 0;
+
+ rsa = EVP_PKEY_get1_RSA((EVP_PKEY *) pkey);
+ if (rsa == NULL)
+ return 0;
+
+ if (strcmp(key_name, "n") == 0) {
+ const BIGNUM *n = ns_RSA_get0_n(rsa);
+ if (n != NULL)
+ result = BN_dup(n);
+ } else if (strcmp(key_name, "e") == 0) {
+ const BIGNUM *e = ns_RSA_get0_e(rsa);
+ if (e != NULL)
+ result = BN_dup(e);
+ }
+
+ RSA_free(rsa);
+
+ *bn = result;
+
+ return (result != NULL) ? 1 : 0;
}
-static int ns_DSA_bits(const DSA *dsa)
+static int ns_EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey,
+ const char *key_name, char *str, size_t max_len,
+ size_t *out_len)
{
- return DSA_size(dsa) * 8;
+ const EC_GROUP *ecgroup;
+ const char *group;
+ EC_KEY *ec;
+ int ret = 0;
+
+ if (pkey == NULL || key_name == NULL)
+ return 0;
+
+ /* Only support EC keys */
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
+ return 0;
+
+ /* Only support fetching the group */
+ if (strcmp(key_name, "group") != 0)
+ return 0;
+
+ ec = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) pkey);
+
+ ecgroup = EC_KEY_get0_group(ec);
+ if (ecgroup == NULL) {
+ group = "";
+ } else {
+ group = OBJ_nid2ln(EC_GROUP_get_curve_name(ecgroup));
+ }
+
+ if (str != NULL && max_len > strlen(group)) {
+ strcpy(str, group);
+ str[strlen(group)] = '\0';
+ ret = 1;
+ }
+ if (out_len != NULL)
+ *out_len = strlen(group);
+
+ EC_KEY_free(ec);
+
+ return ret;
}
-static int ns_DH_bits(const DH *dh)
+static int ns_EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey,
+ const char *key_name, unsigned char *buf, size_t max_len,
+ size_t *out_len)
{
- return DH_size(dh) * 8;
-}
+ const EC_GROUP *ecgroup;
+ const EC_POINT *ecpoint;
+ size_t len;
+ BN_CTX *bnctx;
+ EC_KEY *ec;
+ int ret = 0;
+
+ if (pkey == NULL || key_name == NULL)
+ return 0;
+ /* Only support EC keys */
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
+ return 0;
+
+ if (strcmp(key_name, "encoded-pub-key") != 0)
+ return 0;
+
+ ec = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) pkey);
+ if (ec == NULL)
+ return 0;
+
+ ecgroup = EC_KEY_get0_group(ec);
+ if (ecgroup != NULL) {
+ ecpoint = EC_KEY_get0_public_key(ec);
+ if (ecpoint != NULL) {
+ bnctx = BN_CTX_new();
+ len = EC_POINT_point2oct(ecgroup,
+ ecpoint,
+ POINT_CONVERSION_UNCOMPRESSED,
+ NULL,
+ 0,
+ bnctx);
+ if (len != 0 && len <= max_len) {
+ if (EC_POINT_point2oct(ecgroup,
+ ecpoint,
+
POINT_CONVERSION_UNCOMPRESSED,
+ buf,
+ len,
+ bnctx) == len)
+ ret = 1;
+ }
+ if (out_len != NULL)
+ *out_len = len;
+ BN_CTX_free(bnctx);
+ }
+ }
+
+ EC_KEY_free(ec);
+
+ return ret;
+}
#elif (OPENSSL_VERSION_NUMBER < 0x1010100fL)
/* 1.1.0 */
#define ns_X509_get_signature_nid X509_get_signature_nid
@@ -203,19 +319,284 @@ static const BIGNUM *ns_RSA_get0_e(const RSA *r)
return e;
}
-#define ns_RSA_bits RSA_bits
-#define ns_DSA_bits DSA_bits
-#define ns_DH_bits DH_bits
+static int ns_EVP_PKEY_get_bn_param(const EVP_PKEY *pkey,
+ const char *key_name, BIGNUM **bn) {
+ RSA *rsa;
+ BIGNUM *result = NULL;
+
+ /* Check parameters: only support allocation-form *bn */
+ if (pkey == NULL || key_name == NULL || bn == NULL || *bn != NULL)
+ return 0;
+
+ /* Only support RSA keys */
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA)
+ return 0;
+
+ rsa = EVP_PKEY_get1_RSA((EVP_PKEY *) pkey);
+ if (rsa == NULL)
+ return 0;
+
+ if (strcmp(key_name, "n") == 0) {
+ const BIGNUM *n = ns_RSA_get0_n(rsa);
+ if (n != NULL)
+ result = BN_dup(n);
+ } else if (strcmp(key_name, "e") == 0) {
+ const BIGNUM *e = ns_RSA_get0_e(rsa);
+ if (e != NULL)
+ result = BN_dup(e);
+ }
+
+ RSA_free(rsa);
+
+ *bn = result;
+
+ return (result != NULL) ? 1 : 0;
+}
+
+static int ns_EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey,
+ const char *key_name, char *str, size_t max_len,
+ size_t *out_len)
+{
+ const EC_GROUP *ecgroup;
+ const char *group;
+ EC_KEY *ec;
+ int ret = 0;
+
+ if (pkey == NULL || key_name == NULL)
+ return 0;
+
+ /* Only support EC keys */
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
+ return 0;
+
+ /* Only support fetching the group */
+ if (strcmp(key_name, "group") != 0)
+ return 0;
+
+ ec = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) pkey);
+
+ ecgroup = EC_KEY_get0_group(ec);
+ if (ecgroup == NULL) {
+ group = "";
+ } else {
+ group = OBJ_nid2ln(EC_GROUP_get_curve_name(ecgroup));
+ }
+
+ if (str != NULL && max_len > strlen(group)) {
+ strcpy(str, group);
+ str[strlen(group)] = '\0';
+ ret = 1;
+ }
+ if (out_len != NULL)
+ *out_len = strlen(group);
+
+ EC_KEY_free(ec);
+
+ return ret;
+}
+
+static int ns_EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey,
+ const char *key_name, unsigned char *buf, size_t max_len,
+ size_t *out_len)
+{
+ const EC_GROUP *ecgroup;
+ const EC_POINT *ecpoint;
+ size_t len;
+ BN_CTX *bnctx;
+ EC_KEY *ec;
+ int ret = 0;
+
+ if (pkey == NULL || key_name == NULL)
+ return 0;
+
+ /* Only support EC keys */
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
+ return 0;
+
+ if (strcmp(key_name, "encoded-pub-key") != 0)
+ return 0;
+
+ ec = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) pkey);
+ if (ec == NULL)
+ return 0;
+
+ ecgroup = EC_KEY_get0_group(ec);
+ if (ecgroup != NULL) {
+ ecpoint = EC_KEY_get0_public_key(ec);
+ if (ecpoint != NULL) {
+ bnctx = BN_CTX_new();
+ len = EC_POINT_point2oct(ecgroup,
+ ecpoint,
+ POINT_CONVERSION_UNCOMPRESSED,
+ NULL,
+ 0,
+ bnctx);
+ if (len != 0 && len <= max_len) {
+ if (EC_POINT_point2oct(ecgroup,
+ ecpoint,
+
POINT_CONVERSION_UNCOMPRESSED,
+ buf,
+ len,
+ bnctx) == len)
+ ret = 1;
+ }
+ if (out_len != NULL)
+ *out_len = len;
+ BN_CTX_free(bnctx);
+ }
+ }
+ EC_KEY_free(ec);
+
+ return ret;
+}
+#elif (OPENSSL_VERSION_NUMBER < 0x30000000L)
+/* 1.1.1 */
+#define ns_X509_get_signature_nid X509_get_signature_nid
+#define ns_ASN1_STRING_get0_data ASN1_STRING_get0_data
+#define ns_RSA_get0_n RSA_get0_n
+#define ns_RSA_get0_e RSA_get0_e
+
+static int ns_EVP_PKEY_get_bn_param(const EVP_PKEY *pkey,
+ const char *key_name, BIGNUM **bn) {
+ RSA *rsa;
+ BIGNUM *result = NULL;
+
+ /* Check parameters: only support allocation-form *bn */
+ if (pkey == NULL || key_name == NULL || bn == NULL || *bn != NULL)
+ return 0;
+
+ /* Only support RSA keys */
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA)
+ return 0;
+
+ rsa = EVP_PKEY_get1_RSA((EVP_PKEY *) pkey);
+ if (rsa == NULL)
+ return 0;
+
+ if (strcmp(key_name, "n") == 0) {
+ const BIGNUM *n = ns_RSA_get0_n(rsa);
+ if (n != NULL)
+ result = BN_dup(n);
+ } else if (strcmp(key_name, "e") == 0) {
+ const BIGNUM *e = ns_RSA_get0_e(rsa);
+ if (e != NULL)
+ result = BN_dup(e);
+ }
+
+ RSA_free(rsa);
+
+ *bn = result;
+
+ return (result != NULL) ? 1 : 0;
+}
+
+static int ns_EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey,
+ const char *key_name, char *str, size_t max_len,
+ size_t *out_len)
+{
+ const EC_GROUP *ecgroup;
+ const char *group;
+ EC_KEY *ec;
+ int ret = 0;
+
+ if (pkey == NULL || key_name == NULL)
+ return 0;
+
+ /* Only support EC keys */
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
+ return 0;
+
+ /* Only support fetching the group */
+ if (strcmp(key_name, "group") != 0)
+ return 0;
+
+ ec = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) pkey);
+
+ ecgroup = EC_KEY_get0_group(ec);
+ if (ecgroup == NULL) {
+ group = "";
+ } else {
+ group = OBJ_nid2ln(EC_GROUP_get_curve_name(ecgroup));
+ }
+
+ if (str != NULL && max_len > strlen(group)) {
+ strcpy(str, group);
+ str[strlen(group)] = '\0';
+ ret = 1;
+ }
+ if (out_len != NULL)
+ *out_len = strlen(group);
+
+ EC_KEY_free(ec);
+
+ return ret;
+}
+
+static int ns_EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey,
+ const char *key_name, unsigned char *buf, size_t max_len,
+ size_t *out_len)
+{
+ const EC_GROUP *ecgroup;
+ const EC_POINT *ecpoint;
+ size_t len;
+ BN_CTX *bnctx;
+ EC_KEY *ec;
+ int ret = 0;
+
+ if (pkey == NULL || key_name == NULL)
+ return 0;
+
+ /* Only support EC keys */
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
+ return 0;
+
+ if (strcmp(key_name, "encoded-pub-key") != 0)
+ return 0;
+
+ ec = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) pkey);
+ if (ec == NULL)
+ return 0;
+
+ ecgroup = EC_KEY_get0_group(ec);
+ if (ecgroup != NULL) {
+ ecpoint = EC_KEY_get0_public_key(ec);
+ if (ecpoint != NULL) {
+ bnctx = BN_CTX_new();
+ len = EC_POINT_point2oct(ecgroup,
+ ecpoint,
+ POINT_CONVERSION_UNCOMPRESSED,
+ NULL,
+ 0,
+ bnctx);
+ if (len != 0 && len <= max_len) {
+ if (EC_POINT_point2oct(ecgroup,
+ ecpoint,
+
POINT_CONVERSION_UNCOMPRESSED,
+ buf,
+ len,
+ bnctx) == len)
+ ret = 1;
+ }
+ if (out_len != NULL)
+ *out_len = len;
+ BN_CTX_free(bnctx);
+ }
+ }
+
+ EC_KEY_free(ec);
+
+ return ret;
+}
#else
-/* 1.1.1 and later */
+/* 3.x and later */
#define ns_X509_get_signature_nid X509_get_signature_nid
#define ns_ASN1_STRING_get0_data ASN1_STRING_get0_data
#define ns_RSA_get0_n RSA_get0_n
#define ns_RSA_get0_e RSA_get0_e
-#define ns_RSA_bits RSA_bits
-#define ns_DSA_bits DSA_bits
-#define ns_DH_bits DH_bits
+#define ns_EVP_PKEY_get_bn_param EVP_PKEY_get_bn_param
+#define ns_EVP_PKEY_get_octet_string_param EVP_PKEY_get_octet_string_param
+#define ns_EVP_PKEY_get_utf8_string_param EVP_PKEY_get_utf8_string_param
#endif
/**
@@ -365,36 +746,43 @@ static char *bindup(unsigned char *bin, unsigned int
binlen)
/**
* extract RSA key information to info structure
*
- * \param rsa The RSA key to examine. The reference is dropped on return
+ * \param pkey The RSA key to examine.
* \param ikey The public key info structure to fill
* \rerun NSERROR_OK on success else error code.
*/
static nserror
-rsa_to_info(RSA *rsa, struct ns_cert_pkey *ikey)
+rsa_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey)
{
+ BIGNUM *n = NULL, *e = NULL;
char *tmp;
- if (rsa == NULL) {
+ if (ns_EVP_PKEY_get_bn_param(pkey, "n", &n) != 1) {
+ return NSERROR_BAD_PARAMETER;
+ }
+
+ if (ns_EVP_PKEY_get_bn_param(pkey, "e", &e) != 1) {
+ BN_free(n);
return NSERROR_BAD_PARAMETER;
}
ikey->algor = strdup("RSA");
- ikey->size = ns_RSA_bits(rsa);
+ ikey->size = EVP_PKEY_bits(pkey);
- tmp = BN_bn2hex(ns_RSA_get0_n(rsa));
+ tmp = BN_bn2hex(n);
if (tmp != NULL) {
ikey->modulus = hexdup(tmp);
OPENSSL_free(tmp);
}
- tmp = BN_bn2dec(ns_RSA_get0_e(rsa));
+ tmp = BN_bn2dec(e);
if (tmp != NULL) {
ikey->exponent = strdup(tmp);
OPENSSL_free(tmp);
}
- RSA_free(rsa);
+ BN_free(e);
+ BN_free(n);
return NSERROR_OK;
}
@@ -403,22 +791,16 @@ rsa_to_info(RSA *rsa, struct ns_cert_pkey *ikey)
/**
* extract DSA key information to info structure
*
- * \param dsa The RSA key to examine. The reference is dropped on return
+ * \param pkey The DSA key to examine.
* \param ikey The public key info structure to fill
* \rerun NSERROR_OK on success else error code.
*/
static nserror
-dsa_to_info(DSA *dsa, struct ns_cert_pkey *ikey)
+dsa_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey)
{
- if (dsa == NULL) {
- return NSERROR_BAD_PARAMETER;
- }
-
ikey->algor = strdup("DSA");
- ikey->size = ns_DSA_bits(dsa);
-
- DSA_free(dsa);
+ ikey->size = EVP_PKEY_bits(pkey);
return NSERROR_OK;
}
@@ -427,22 +809,16 @@ dsa_to_info(DSA *dsa, struct ns_cert_pkey *ikey)
/**
* extract DH key information to info structure
*
- * \param dsa The RSA key to examine. The reference is dropped on return
+ * \param pkey The DH key to examine.
* \param ikey The public key info structure to fill
* \rerun NSERROR_OK on success else error code.
*/
static nserror
-dh_to_info(DH *dh, struct ns_cert_pkey *ikey)
+dh_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey)
{
- if (dh == NULL) {
- return NSERROR_BAD_PARAMETER;
- }
-
ikey->algor = strdup("Diffie Hellman");
- ikey->size = ns_DH_bits(dh);
-
- DH_free(dh);
+ ikey->size = EVP_PKEY_bits(pkey);
return NSERROR_OK;
}
@@ -451,49 +827,50 @@ dh_to_info(DH *dh, struct ns_cert_pkey *ikey)
/**
* extract EC key information to info structure
*
- * \param ec The EC key to examine. The reference is dropped on return
+ * \param pkey The EC key to examine.
* \param ikey The public key info structure to fill
* \rerun NSERROR_OK on success else error code.
*/
static nserror
-ec_to_info(EC_KEY *ec, struct ns_cert_pkey *ikey)
+ec_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey)
{
- const EC_GROUP *ecgroup;
- const EC_POINT *ecpoint;
- BN_CTX *bnctx;
- char *ecpoint_hex;
-
- if (ec == NULL) {
- return NSERROR_BAD_PARAMETER;
- }
+ size_t len;
ikey->algor = strdup("Elliptic Curve");
- ecgroup = EC_KEY_get0_group(ec);
-
- if (ecgroup != NULL) {
- ikey->size = EC_GROUP_get_degree(ecgroup);
-
- ikey->curve =
strdup(OBJ_nid2ln(EC_GROUP_get_curve_name(ecgroup)));
+ ikey->size = EVP_PKEY_bits(pkey);
+
+ len = 0;
+ ns_EVP_PKEY_get_utf8_string_param(pkey, "group", NULL, 0, &len);
+ if (len != 0) {
+ ikey->curve = malloc(len + 1);
+ if (ikey->curve != NULL) {
+ if (ns_EVP_PKEY_get_utf8_string_param(pkey, "group",
+ ikey->curve, len + 1, NULL) == 0) {
+ free(ikey->curve);
+ ikey->curve = NULL;
+ }
+ }
+ }
- ecpoint = EC_KEY_get0_public_key(ec);
- if (ecpoint != NULL) {
- bnctx = BN_CTX_new();
- ecpoint_hex = EC_POINT_point2hex(ecgroup,
- ecpoint,
-
POINT_CONVERSION_UNCOMPRESSED,
- bnctx);
- ikey->public = hexdup(ecpoint_hex);
- OPENSSL_free(ecpoint_hex);
- BN_CTX_free(bnctx);
+ len = 0;
+ ns_EVP_PKEY_get_octet_string_param(pkey, "encoded-pub-key",
+ NULL, 0, &len);
+ if (len != 0) {
+ unsigned char *point = malloc(len);
+ if (point != NULL) {
+ if (ns_EVP_PKEY_get_octet_string_param(pkey,
+ "encoded-pub-key", point, len,
+ NULL) == 1) {
+ ikey->public = bindup(point, len);
+ }
+ free(point);
}
}
- EC_KEY_free(ec);
return NSERROR_OK;
}
-
/**
* extract public key information to info structure
*
@@ -512,19 +889,19 @@ pkey_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey)
switch (EVP_PKEY_base_id(pkey)) {
case EVP_PKEY_RSA:
- res = rsa_to_info(EVP_PKEY_get1_RSA(pkey), ikey);
+ res = rsa_to_info(pkey, ikey);
break;
case EVP_PKEY_DSA:
- res = dsa_to_info(EVP_PKEY_get1_DSA(pkey), ikey);
+ res = dsa_to_info(pkey, ikey);
break;
case EVP_PKEY_DH:
- res = dh_to_info(EVP_PKEY_get1_DH(pkey), ikey);
+ res = dh_to_info(pkey, ikey);
break;
case EVP_PKEY_EC:
- res = ec_to_info(EVP_PKEY_get1_EC_KEY(pkey), ikey);
+ res = ec_to_info(pkey, ikey);
break;
default:
--
NetSurf Browser