/*
- * Copyright (C) 2008 Tobias Brunner
+ * Copyright (C) 2008-2013 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
#ifndef OPENSSL_NO_EC
#include <openssl/ec.h>
-#include <openssl/objects.h>
#include "openssl_ec_diffie_hellman.h"
#include "openssl_ec_util.h"
METHOD(diffie_hellman_t, destroy, void,
private_openssl_ec_diffie_hellman_t *this)
{
- EC_POINT_clear_free(this->pub_key);
- EC_KEY_free(this->key);
+ if (this->pub_key)
+ {
+ EC_POINT_clear_free(this->pub_key);
+ }
+ if (this->key)
+ {
+ EC_KEY_free(this->key);
+ }
chunk_clear(&this->shared_secret);
free(this);
}
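Review bot: The new NULL guards in `destroy()` have no comment explaining why they are needed, and the reason is not local to this function: the constructor now calls `destroy(this)` on objects whose `key` or `pub_key` has not been allocated yet. I would add `/* also called from the constructor's error paths, members may still be NULL */` above the first guard. That keeps a later cleanup from dropping the checks, and prompts anyone adding a new member to free it with the same care.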
openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_group_t group)
{
private_openssl_ec_diffie_hellman_t *this;
+ EC_GROUP *ec_group;
INIT(this,
.public = {
.group = group,
);
- switch (group)
+ ec_group = openssl_ec_group_for_curve(ec_curve_for_dh(group));
+ if (!ec_group)
{
- case ECP_192_BIT:
- this->key = EC_KEY_new_by_curve_name(NID_X9_62_prime192v1);
- break;
- case ECP_224_BIT:
- this->key = EC_KEY_new_by_curve_name(NID_secp224r1);
- break;
- case ECP_256_BIT:
- this->key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- break;
- case ECP_384_BIT:
- this->key = EC_KEY_new_by_curve_name(NID_secp384r1);
- break;
- case ECP_521_BIT:
- this->key = EC_KEY_new_by_curve_name(NID_secp521r1);
- break;
- default:
- this->key = NULL;
- break;
+ free(this);
+ return NULL;
}
- if (!this->key)
+ this->key = EC_KEY_new();
+ if (!this->key || !EC_KEY_set_group(this->key, ec_group))
{
- free(this);
+ EC_GROUP_free(ec_group);
+ destroy(this);
return NULL;
}
-
- /* caching the EC group */
+ /* no need to keep the group around twice */
+ EC_GROUP_free(ec_group);
this->ec_group = EC_KEY_get0_group(this->key);
this->pub_key = EC_POINT_new(this->ec_group);
if (!this->pub_key)
{
- free(this);
+ destroy(this);
return NULL;
}
/* generate an EC private (public) key */
if (!EC_KEY_generate_key(this->key))
{
- free(this);
+ destroy(this);
return NULL;
}
-
return &this->public;
}
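Review bot: `ec_group` goes straight from `openssl_ec_group_for_curve()` into `EC_KEY_set_group()` and `EC_KEY_generate_key()` with no validation in this function, so every exchange depends on that helper returning a complete and correct group. The helper is outside this hunk; if it builds the Brainpool groups from hard-coded parameters rather than OpenSSL's built-in curves, an error in that table would produce keys on a wrong curve without any failure here. Consider validating the group where it is constructed, for example treating `!EC_GROUP_check(ec_group, NULL)` as a failure, or at least state in a comment above the call that the helper is trusted to return a validated group. Separately, the `!ec_group` branch uses `free(this)` while the later branches use `destroy(this)`; calling `destroy(this)` in all of them would keep the cleanup in one place. Part of the `INIT` initialiser is not shown in the hunk.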
#endif /* OPENSSL_NO_EC */
-
PLUGIN_PROVIDE(DH, ECP_521_BIT),
PLUGIN_PROVIDE(DH, ECP_224_BIT),
PLUGIN_PROVIDE(DH, ECP_192_BIT),
+ PLUGIN_PROVIDE(DH, ECP_224_BP),
+ PLUGIN_PROVIDE(DH, ECP_256_BP),
+ PLUGIN_PROVIDE(DH, ECP_384_BP),
+ PLUGIN_PROVIDE(DH, ECP_512_BP),
#endif
#ifndef OPENSSL_NO_ECDSA
/* EC private/public key loading */