diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 9dc62d57..2f0b9cc2 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -561,23 +561,9 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) aString = ASN1_OCTET_STRING_new(); tempOct = ASN1_OCTET_STRING_new(); temp = NULL; -// char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); len = oqsxkey->pubkeylen_cmp[i]; buf = OPENSSL_memdup(oqsxkey->comp_pubkey[i], len); - -/* if(get_oqsname_fromtls(name) == 0) - nid = oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->nid; - else - nid = OBJ_sn2nid(name); - if (!X509_PUBKEY_set0_param(p8info_internal, OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL, buf, len)) - keybloblen = 0; // signal error - keybloblen = i2d_X509_PUBKEY(p8info_internal, &temp); - if (keybloblen < 0) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - keybloblen = 0; // signal error - } -*/ ASN1_STRING_set0(tempOct, buf, len); keybloblen = i2d_ASN1_OCTET_STRING(tempOct, &temp); ASN1_STRING_set0(aString, temp, keybloblen); @@ -585,7 +571,6 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) if (!sk_ASN1_TYPE_push(sk, aType)) return -1; -// OPENSSL_free(name); } keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); OPENSSL_free(temp); @@ -703,7 +688,6 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) } }else{ int i; -// name = OPENSSL_malloc(strlen(oqsxkey->tls_name));; if((sk = sk_ASN1_TYPE_new_null()) == NULL) return -1; @@ -726,23 +710,14 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) buflen = oqsxkey->privkeylen_cmp[i]; }else buflen = oqsxkey->privkeylen_cmp[i] + oqsxkey->pubkeylen_cmp[i]; + buf = OPENSSL_malloc(buflen); - memcpy(buf, oqsxkey->comp_privkey[i], buflen); - if(get_oqsname_fromtls(name) != 0) + + if(get_oqsname_fromtls(name) != 0)//include pubkey in privkey for PQC memcpy(buf + oqsxkey->privkeylen_cmp[i], oqsxkey->comp_pubkey[i], oqsxkey->pubkeylen_cmp[i]); - -/* if(get_oqsname_fromtls(name) == 0) - nid = oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->nid; else - nid = OBJ_sn2nid(name); - if (!PKCS8_pkey_set0(p8info_internal, OBJ_nid2obj(nid), 0, V_ASN1_UNDEF, NULL, buf, buflen)) - keybloblen = 0; // signal error - keybloblen = i2d_PKCS8_PRIV_KEY_INFO(p8info_internal, &temp); - if (keybloblen < 0) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - keybloblen = 0; // signal error - } -*/ + memcpy(buf, oqsxkey->comp_privkey[i], buflen); + ASN1_STRING_set0(tempOct, buf, buflen); keybloblen = i2d_ASN1_OCTET_STRING(tempOct, &temp); ASN1_STRING_set0(aString, temp, keybloblen); @@ -754,7 +729,6 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) } keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); OPENSSL_free(temp); -// OPENSSL_free(p8info_internal); OPENSSL_free(aType); OPENSSL_free(aString); OPENSSL_free(tempOct); @@ -1041,7 +1015,6 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, ERR_raise(ERR_LIB_USER, ERR_R_PASSED_INVALID_ARGUMENT); } OQS_ENC_PRINTF2(" encode result: %d\n", ret); -// OQS_ENC_PRINTF2(" encode result: %d\n", ret); return ret; } diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 7ba93281..e58e13b9 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -248,9 +248,6 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, return rv; } - - - if (is_composite) { max_sig_len = oqsx_key_maxsize(oqsxkey); @@ -357,9 +354,6 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, unsigned char *buf; CompositeSignature *compsig = CompositeSignature_new(); int i; -// char *name = OPENSSL_malloc(strlen(oqsxkey->tls_name)); -// if((compsig->sig = sk_ASN1_TYPE_new_null()) == NULL) -// goto endsign; for (i = 0; i < oqsxkey->numkeys; i++){ char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); @@ -461,12 +455,6 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } } } -/* comp_sig = ASN1_BIT_STRING_new(); - comp_sig->data = OPENSSL_memdup(buf, oqs_sig_len); - comp_sig->length = oqs_sig_len; - if (!sk_ASN1_TYPE_push(compsig->sig, comp_sig)) - goto endsign; -*/ if (i == 0){ compsig->sig1->data = OPENSSL_memdup(buf, oqs_sig_len); @@ -482,7 +470,6 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } oqs_sig_len = i2d_CompositeSignature(compsig, &sig); -// OPENSSL_free(compsig->sig); OPENSSL_free(compsig); } else if (OQS_SIG_sign(oqs_key, sig + index, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys - 1]) != OQS_SUCCESS) @@ -600,13 +587,10 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, if(is_composite){ CompositeSignature* compsig = CompositeSignature_new(); int i; -// char *name = OPENSSL_malloc(strlen(oqsxkey->tls_name)); unsigned char *buf; size_t buf_len; if(d2i_CompositeSignature(&compsig, &sig, siglen) == NULL) goto endverify; -// if((compsig->sig = sk_ASN1_TYPE_new_null()) == NULL) -// goto endverify; for(i = 0; i < oqsxkey->numkeys; i++){ if (i == 0){ buf = compsig->sig1->data; @@ -701,7 +685,6 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, OPENSSL_free(name); } -// OPENSSL_free(compsig->sig); OPENSSL_free(compsig); }else { diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index d5dfe321..ed73a278 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -187,7 +187,6 @@ char* get_cmpname(int nid, int index) for (j = 0; j < index; j ++) token = strtok(NULL, "_"); name = OPENSSL_strdup(token); -// OPENSSL_strlcpy(name, token, strlen(token) + 1); OPENSSL_free(s); return name; } @@ -973,12 +972,7 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, for (i = 0; i < count; i++){ aType = sk_ASN1_TYPE_pop(sk); buf = aType->value.sequence->data; - buflen = aType->value.sequence->length; -/* - p8info_buf = d2i_X509_PUBKEY(&p8info_buf, &buf, buflen); - if (!X509_PUBKEY_get0_param(NULL, &buf, &buflen, NULL, p8info_buf)) - return NULL; -*/ + buflen = aType->value.sequence->length; aux += buflen; memcpy(concat_key + plen - aux, buf, buflen); } @@ -1036,12 +1030,7 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, aType = sk_ASN1_TYPE_pop(sk); char *name = get_cmpname(OBJ_obj2nid(palg->algorithm), count - 1 - i); buf = aType->value.sequence->data; - buflen = aType->value.sequence->length; - -/* p8info_buf = d2i_PKCS8_PRIV_KEY_INFO(&p8info_buf, &buf, buflen); - if (!PKCS8_pkey_get0(NULL, &buf, &buflen, NULL, p8info_buf)) - return NULL; -*/ + buflen = aType->value.sequence->length; aux += buflen; memcpy(concat_key + plen - aux, buf, buflen); //if is a RSA key the actual encoding size might be different from max size @@ -1231,7 +1220,6 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, break; case KEY_TYPE_CMP_SIG: int i; -// char* name = OPENSSL_malloc(strlen(tls_name)); ret->numkeys = get_qntcmp(OBJ_sn2nid(tls_name)); ret->privkeylen = 0; ret->pubkeylen = 0; @@ -1346,7 +1334,6 @@ void oqsx_key_free(OQSX_KEY *key) } if(key->keytype == KEY_TYPE_CMP_SIG){ int i; -// char *name = OPENSSL_malloc(strlen(key->tls_name));; for (i = 0; i < key->numkeys; i ++){ char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); if (get_oqsname_fromtls(name)) @@ -1517,18 +1504,6 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); } -/* if (ctx->evp_info->keytype == EVP_PKEY_RSA_PSS) - { - ret2 = EVP_PKEY_CTX_set_rsa_keygen_bits(kgctx, 3072); - ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); - ret2 = EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(kgctx, EVP_sha256()); - ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); - ret2 = EVP_PKEY_CTX_set_rsa_pss_keygen_md(kgctx, EVP_sha256()); - ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); - ret2 = EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(kgctx, 64); - ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); - } -*/ ret2 = EVP_PKEY_keygen(kgctx, &pkey); ON_ERR_SET_GOTO(ret2 <= 0, ret, -2, errhyb); @@ -1625,16 +1600,12 @@ int oqsx_key_gen(OQSX_KEY *key) else if (key->keytype == KEY_TYPE_CMP_SIG) { int i; -// char* name = OPENSSL_malloc(strlen(key->tls_name)); ret = oqsx_key_set_composites(key); for (i = 0; i < key->numkeys; i++){ char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); if (get_oqsname_fromtls(name) == 0) { -// if (i == 0) -// pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx[i].oqsx_evp_ctx, key->pubkey, key->privkey, 0); -// else - pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx[i].oqsx_evp_ctx, key->comp_pubkey[i], key->comp_privkey[i], 0); + pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx[i].oqsx_evp_ctx, key->comp_pubkey[i], key->comp_privkey[i], 0); ON_ERR_GOTO(pkey == NULL, err); key->cmp_classical_pkey[i] = pkey; } @@ -1692,7 +1663,6 @@ int oqsx_key_maxsize(OQSX_KEY *key) { int aux = sizeof(CompositeSignature); int i; -// char *name = OPENSSL_malloc(strlen(key->tls_name));; for (i = 0; i < key->numkeys; i ++){ char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); if (get_oqsname_fromtls(name) == 0)