fix incomplete EC key creation from curve name; make sure tests use curves that exist; add validation checks on EC key creation

2025-10-27 19:10:20 +01:00 · 2017-09-28 14:42:50 -05:00
parent ba5af017cc
commit 8fff0cf586
6 changed files with 397 additions and 260 deletions
--- a/Crypto/include/Poco/Crypto/ECKey.h
+++ b/Crypto/include/Poco/Crypto/ECKey.h
@@ -78,7 +78,16 @@ public:

 	ECKeyImpl::Ptr impl() const;
 		/// Returns the impl object.
-	
+
+	static std::string getCurveName(int nid = -1);
+		/// Returns elliptical curve name corresponding to
+		/// the given nid; if nid is not found, returns
+		/// empty string.
+		///
+		/// If nid is -1, returns first curve name.
+		///
+		/// If no curves are found, returns empty string;
+
 private:
 	ECKeyImpl::Ptr _pImpl;
 };
@@ -93,6 +102,12 @@ inline ECKeyImpl::Ptr ECKey::impl() const
 }


+inline std::string ECKey::getCurveName(int nid)
+{
+	return ECKeyImpl::getCurveName(nid);
+}
+
+
 } } // namespace Poco::Crypto


--- a/Crypto/include/Poco/Crypto/ECKeyImpl.h
+++ b/Crypto/include/Poco/Crypto/ECKeyImpl.h
@@ -104,7 +104,17 @@ public:
 		/// If a null pointer is passed for a stream, the corresponding
 		/// key is not exported.

+	static std::string getCurveName(int nid = -1);
+		/// Returns elliptical curve name corresponding to
+		/// the given nid; if nid is not found, returns
+		/// empty string.
+		///
+		/// If nid is -1, returns first curve name.
+		///
+		/// If no curves are found, returns empty string;
+
 private:
+	void checkEC(const std::string& method, const std::string& func) const;
 	void freeEC();

 	EC_KEY* _pEC;
--- a/Crypto/include/Poco/Crypto/EVPPKey.h
+++ b/Crypto/include/Poco/Crypto/EVPPKey.h
@@ -194,7 +194,11 @@ private:
 							*ppKey = (K*)getFunc(pKey);
 							EVP_PKEY_free(pKey);
 						}
-						else *ppKey = (K*)pKey;
+						else
+						{
+							poco_assert_dbg (typeid(K*) == typeid(EVP_PKEY*));
+							*ppKey = (K*)pKey;
+						}
 						if(!*ppKey) goto error;
 						return true;
 					}
@@ -250,7 +254,11 @@ private:
 							*ppKey = (K*)getFunc(pKey);
 							EVP_PKEY_free(pKey);
 						}
-						else *ppKey = (K*)pKey;
+						else
+						{
+							poco_assert_dbg (typeid(K*) == typeid(EVP_PKEY*));
+							*ppKey = (K*)pKey;
+						}
 						if (!*ppKey) goto error;
 						return true;
 					}
@@ -278,12 +286,12 @@ private:
 // inlines
 //

+
 inline bool EVPPKey::operator == (const EVPPKey& other) const
 {
-	poco_assert_dbg(other._pEVPPKey && _pEVPPKey);
-	int r = EVP_PKEY_cmp(_pEVPPKey, other._pEVPPKey);
-	if (r < 0) throw OpenSSLException("EVPPKey::operator ==()");
-	return (1 == r);
+	poco_check_ptr (other._pEVPPKey);
+	poco_check_ptr (_pEVPPKey);
+	return (1 == EVP_PKEY_cmp(_pEVPPKey, other._pEVPPKey));
 }