{
int ret;
DH *dh;
+ const DH *dhpub;
DH_PKEY_CTX *dctx = ctx->data;
- BIGNUM *dhpub;
- if (!ctx->pkey || !ctx->peerkey) {
+ BIGNUM *dhpubbn;
+
+ if (ctx->pkey == NULL || ctx->peerkey == NULL) {
ERR_raise(ERR_LIB_DH, DH_R_KEYS_NOT_SET);
return 0;
}
dh = ctx->pkey->pkey.dh;
- dhpub = ctx->peerkey->pkey.dh->pub_key;
+ dhpub = EVP_PKEY_get0_DH(ctx->peerkey);
+ if (dhpub == NULL) {
+ ERR_raise(ERR_LIB_DH, DH_R_KEYS_NOT_SET);
+ return 0;
+ }
+ dhpubbn = dhpub->pub_key;
if (dctx->kdf_type == EVP_PKEY_DH_KDF_NONE) {
if (key == NULL) {
*keylen = DH_size(dh);
return 1;
}
if (dctx->pad)
- ret = DH_compute_key_padded(key, dhpub, dh);
+ ret = DH_compute_key_padded(key, dhpubbn, dh);
else
- ret = DH_compute_key(key, dhpub, dh);
+ ret = DH_compute_key(key, dhpubbn, dh);
if (ret < 0)
return ret;
*keylen = ret;
if (Z == NULL) {
goto err;
}
- if (DH_compute_key_padded(Z, dhpub, dh) <= 0)
+ if (DH_compute_key_padded(Z, dhpubbn, dh) <= 0)
goto err;
if (!DH_KDF_X9_42(key, *keylen, Z, Zlen, dctx->kdf_oid,
dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
size_t outlen;
const EC_POINT *pubkey = NULL;
EC_KEY *eckey;
+ const EC_KEY *eckeypub;
EC_PKEY_CTX *dctx = ctx->data;
- if (!ctx->pkey || !ctx->peerkey) {
+
+ if (ctx->pkey == NULL || ctx->peerkey == NULL) {
+ ERR_raise(ERR_LIB_EC, EC_R_KEYS_NOT_SET);
+ return 0;
+ }
+ eckeypub = EVP_PKEY_get0_EC_KEY(ctx->peerkey);
+ if (eckeypub == NULL) {
ERR_raise(ERR_LIB_EC, EC_R_KEYS_NOT_SET);
return 0;
}
*keylen = (EC_GROUP_get_degree(group) + 7) / 8;
return 1;
}
- pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec);
+ pubkey = EC_KEY_get0_public_key(eckeypub);
/*
* NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is not
return 0;
}
ecxkey = ctx->pkey->pkey.ecx;
- peerkey = ctx->peerkey->pkey.ecx;
+ peerkey = EVP_PKEY_get0(ctx->peerkey);
if (ecxkey == NULL || ecxkey->privkey == NULL) {
ERR_raise(ERR_LIB_EC, EC_R_INVALID_PRIVATE_KEY);
return 0;
#ifdef FIPS_MODULE
return ret;
#else
- /*
- * TODO(3.0) investigate the case where the operation is deemed legacy,
- * but the given peer key is provider only.
- */
if (ctx->pmeth == NULL
|| !(ctx->pmeth->derive != NULL
|| ctx->pmeth->encrypt != NULL