get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead)

Submitted by: Nils Larsch

apps/ca.c

@@ -1515,7 +1515,7 @@ bad:
 			else
 #endif
 #ifndef OPENSSL_NO_ECDSA
-			if (pkey->type == EVP_PKEY_ECDSA)
+			if (pkey->type == EVP_PKEY_EC)
 				dgst=EVP_ecdsa();
 			else
 #endif
@@ -2293,7 +2293,7 @@ again2:
 	EVP_PKEY_free(pktmp);
 #endif
 #ifndef OPENSSL_NO_ECDSA
-	if (pkey->type == EVP_PKEY_ECDSA)
+	if (pkey->type == EVP_PKEY_EC)
 		dgst = EVP_ecdsa();
 	pktmp = X509_get_pubkey(ret);
 	if (EVP_PKEY_missing_parameters(pktmp) &&

apps/req.c

@@ -682,7 +682,8 @@ bad:
 			   message */
 			goto end;
 			}
-		if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA || EVP_PKEY_type(pkey->type) == EVP_PKEY_ECDSA)
+		if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA || 
+			EVP_PKEY_type(pkey->type) == EVP_PKEY_EC)
 			{
 			char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
 			if (randfile == NULL)
@@ -852,7 +853,7 @@ loop:
 			digest=EVP_dss1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
-		if (pkey->type == EVP_PKEY_ECDSA)
+		if (pkey->type == EVP_PKEY_EC)
 			digest=EVP_ecdsa();
 #endif
 		if (req == NULL)

apps/speed.c

@@ -1937,7 +1937,7 @@ int MAIN(int argc, char **argv)
 				{
 				/* Perform ECDSA signature test */
 				EC_KEY_generate_key(ecdsa[j]);
-				ret = ECDSA_sign(EVP_PKEY_ECDSA, buf, 20, ecdsasig, 
+				ret = ECDSA_sign(0, buf, 20, ecdsasig, 
 					&ecdsasiglen, ecdsa[j]);
 				if (ret == 0) 
 					{
@@ -1953,9 +1953,12 @@ int MAIN(int argc, char **argv)
 						ECDSA_SECONDS);
 
 					Time_F(START);
-					for (count=0,run=1; COND(ecdsa_c[j][0]); count++) 
+					for (count=0,run=1; COND(ecdsa_c[j][0]);
+						count++) 
 						{
-						ret=ECDSA_sign(EVP_PKEY_ECDSA, buf, 20, ecdsasig, &ecdsasiglen, ecdsa[j]);
+						ret=ECDSA_sign(0, buf, 20, 
+							ecdsasig, &ecdsasiglen,
+							ecdsa[j]);
 						if (ret == 0) 
 							{
 							BIO_printf(bio_err, "ECDSA sign failure\n");
@@ -1974,7 +1977,8 @@ int MAIN(int argc, char **argv)
 					}
 
 				/* Perform ECDSA verification test */
-				ret=ECDSA_verify(EVP_PKEY_ECDSA, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
+				ret=ECDSA_verify(0, buf, 20, ecdsasig, 
+					ecdsasiglen, ecdsa[j]);
 				if (ret != 1) 
 					{
 					BIO_printf(bio_err,"ECDSA verify failure.  No ECDSA verify will be done.\n");

apps/x509.c

@@ -870,7 +870,7 @@ bad:
 		                        digest=EVP_dss1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
-				if (Upkey->type == EVP_PKEY_ECDSA)
+				if (Upkey->type == EVP_PKEY_EC)
 					digest=EVP_ecdsa();
 #endif
 
@@ -894,7 +894,7 @@ bad:
 		                        digest=EVP_dss1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
-				if (CApkey->type == EVP_PKEY_ECDSA)
+				if (CApkey->type == EVP_PKEY_EC)
 					digest = EVP_ecdsa();
 #endif
 				
@@ -929,7 +929,7 @@ bad:
 		                        digest=EVP_dss1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
-				if (pk->type == EVP_PKEY_ECDSA)
+				if (pk->type == EVP_PKEY_EC)
 					digest=EVP_ecdsa();
 #endif
 

crypto/evp/evp.h

@@ -150,13 +150,13 @@
 #define EVP_PK_RSA	0x0001
 #define EVP_PK_DSA	0x0002
 #define EVP_PK_DH	0x0004
-#define EVP_PK_ECDSA	0x0008
+#define EVP_PK_EC	0x0008
 #define EVP_PKT_SIGN	0x0010
 #define EVP_PKT_ENC	0x0020
 #define EVP_PKT_EXCH	0x0040
 #define EVP_PKS_RSA	0x0100
 #define EVP_PKS_DSA	0x0200
-#define EVP_PKS_ECDSA	0x0400
+#define EVP_PKS_EC	0x0400
 #define EVP_PKT_EXP	0x1000 /* <= 512 bit key */
 
 #define EVP_PKEY_NONE	NID_undef
@@ -169,7 +169,6 @@
 #define EVP_PKEY_DSA4	NID_dsaWithSHA1_2
 #define EVP_PKEY_DH	NID_dhKeyAgreement
 #define EVP_PKEY_EC	NID_X9_62_id_ecPublicKey
-#define EVP_PKEY_ECDSA	EVP_PKEY_EC
 
 #ifdef	__cplusplus
 extern "C" {
@@ -310,7 +309,7 @@ struct env_md_st
 
 #ifndef OPENSSL_NO_ECDSA
 #define EVP_PKEY_ECDSA_method   ECDSA_sign,ECDSA_verify, \
-                                 {EVP_PKEY_ECDSA,0,0,0}
+                                 {EVP_PKEY_EC,0,0,0}
 #else   
 #define EVP_PKEY_ECDSA_method   EVP_PKEY_NULL_method
 #endif

crypto/evp/evp_pkey.c

@@ -83,7 +83,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
 #ifndef OPENSSL_NO_EC
 	EC_KEY *eckey = NULL;
 #endif
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
 	ASN1_INTEGER *privkey;
 	ASN1_TYPE    *t1, *t2, *param = NULL;
 	STACK_OF(ASN1_TYPE) *n_stack = NULL;
@@ -124,7 +124,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
 		EVP_PKEY_assign_RSA (pkey, rsa);
 		break;
 #endif
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
 		case NID_ecdsa_with_SHA1:
 		case NID_dsa:
 		/* PKCS#8 DSA/ECDSA is weird: you just get a private key integer
@@ -235,7 +235,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
 		} 
 		else /* nid == NID_ecdsa_with_SHA1 */
 		{
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
 			if ((eckey = d2i_ECParameters(NULL, &cp, 
 				plen)) == NULL)
 			{
@@ -350,8 +350,8 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
 
 		break;
 #endif
-#ifndef OPENSSL_NO_ECDSA
-		case EVP_PKEY_ECDSA:
+#ifndef OPENSSL_NO_EC
+		case EVP_PKEY_EC:
 		if (!eckey_pkey2pkcs8(p8, pkey))
 		{
 			PKCS8_PRIV_KEY_INFO_free(p8);
@@ -529,7 +529,7 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
 	q = p;
 	if (!i2d_ECParameters(pkey->pkey.eckey, &q))
 	{
-		EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_ECDSA_LIB);
+		EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_EC_LIB);
 		OPENSSL_free(p);
 		return 0;
 	}
@@ -703,7 +703,7 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
 					 &p8->pkey->value.octet_string->data,
 					 &p8->pkey->value.octet_string->length)) 
 		{
-			EVPerr(EVP_F_ECDSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+			EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
 			sk_ASN1_TYPE_pop_free(neckey, ASN1_TYPE_free);
 			return 0;
 		}

crypto/evp/p_lib.c

@@ -137,8 +137,8 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
 		return(ret);
 		}
 #endif
-#ifndef OPENSSL_NO_ECDSA
-	if (pkey->type == EVP_PKEY_ECDSA)
+#ifndef OPENSSL_NO_EC
+	if (pkey->type == EVP_PKEY_EC)
 		{
 		int ret = pkey->save_parameters;
 
@@ -182,7 +182,7 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from)
 		}
 #endif
 #ifndef OPENSSL_NO_EC
-	if (to->type == EVP_PKEY_ECDSA)
+	if (to->type == EVP_PKEY_EC)
 		{
 		if (to->pkey.eckey->group != NULL)
 			EC_GROUP_free(to->pkey.eckey->group);

crypto/pem/pem_pkey.c

@@ -83,7 +83,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo
 	else if (strcmp(nm,PEM_STRING_DSA) == 0)
 		ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len);
 	else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0)
-		ret=d2i_PrivateKey(EVP_PKEY_ECDSA,x,&p,len);
+		ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len);
 	else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
 		PKCS8_PRIV_KEY_INFO *p8inf;
 		p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);

crypto/pkcs7/pk7_doit.c

@@ -629,7 +629,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 				ctx_tmp.digest=EVP_dss1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
- 			if (si->pkey->type == EVP_PKEY_ECDSA)
+ 			if (si->pkey->type == EVP_PKEY_EC)
  				ctx_tmp.digest=EVP_ecdsa();
 #endif
 
@@ -830,7 +830,7 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
 	if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
-	if (pkey->type == EVP_PKEY_ECDSA) mdc_tmp.digest=EVP_ecdsa();
+	if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa();
 #endif
 
 	i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);

crypto/pkcs7/pk7_lib.c

@@ -310,7 +310,7 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
 	int nid;
 	char is_dsa;
 
-	if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_ECDSA)
+	if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC)
 		is_dsa = 1;
 	else
 		is_dsa = 0;
@@ -363,7 +363,7 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
 #endif
 		p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */
 		}
-	else if (nid == EVP_PKEY_ECDSA)
+	else if (nid == EVP_PKEY_EC)
 		{
 		p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1);
 		if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))

crypto/x509/x509type.c

@@ -86,8 +86,8 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
 	case EVP_PKEY_DSA:
 		ret=EVP_PK_DSA|EVP_PKT_SIGN;
 		break;
-	case EVP_PKEY_ECDSA:
-		ret=EVP_PK_ECDSA|EVP_PKT_SIGN;
+	case EVP_PKEY_EC:
+		ret=EVP_PK_EC|EVP_PKT_SIGN|EVP_PKT_EXCH;
 		break;
 	case EVP_PKEY_DH:
 		ret=EVP_PK_DH|EVP_PKT_EXCH;
@@ -105,8 +105,8 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
 	case EVP_PKS_DSA:
 		ret|=EVP_PKS_DSA;
 		break;
-	case EVP_PKS_ECDSA:
-		ret|=EVP_PKS_ECDSA;
+	case EVP_PKS_EC:
+		ret|=EVP_PKS_EC;
 		break;
 	default:
 		break;

ssl/s3_both.c

@@ -526,10 +526,7 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
 			}
 		}
 #ifndef OPENSSL_NO_EC
-	/* XXX: Structurally, there is no distinction between 
-	 * ECDSA and ECDH public keys (both are ECPoints).
-	 * So EVP_PKEY_ECDSA should really be renamed EVP_PKEY_ECC
-	 * (or similar). As for ECC certificates, additional
+	/* As for ECC certificates, additional
 	 * information (e.g. in the optional key usage X509v3 
 	 * extension) could be used when available to distinguish
 	 * between ECDH and ECDSA certificates. For now, we do not
@@ -537,7 +534,7 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
 	 * of checking for appropriate key usage to the SSL code
 	 * responsible for sending/processing ECC certificates.
 	 */
-	else if (i == EVP_PKEY_ECDSA)
+	else if (i == EVP_PKEY_EC)
 		{
 		ret = SSL_PKEY_ECC;
 		}

ssl/s3_clnt.c

@@ -1349,7 +1349,7 @@ static int ssl3_get_key_exchange(SSL *s)
 		else
 #endif
 #ifndef OPENSSL_NO_ECDSA
-			if (pkey->type == EVP_PKEY_ECDSA)
+			if (pkey->type == EVP_PKEY_EC)
 			{
 			/* let's do ECDSA */
 			EVP_VerifyInit_ex(&md_ctx,EVP_ecdsa(), NULL);
@@ -1907,7 +1907,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
 				srvr_pub_pkey = X509_get_pubkey(s->session-> \
 				    sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
 				if ((srvr_pub_pkey == NULL) ||
-				    (srvr_pub_pkey->type != EVP_PKEY_ECDSA) ||
+				    (srvr_pub_pkey->type != EVP_PKEY_EC) ||
 				    (srvr_pub_pkey->pkey.eckey == NULL))
 					{
 					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
@@ -2118,7 +2118,7 @@ static int ssl3_send_client_verify(SSL *s)
 		else
 #endif
 #ifndef OPENSSL_NO_ECDSA
-			if (pkey->type == EVP_PKEY_ECDSA)
+			if (pkey->type == EVP_PKEY_EC)
 			{
 			if (!ECDSA_sign(pkey->save_type,
 				&(data[MD5_DIGEST_LENGTH]),

ssl/s3_srvr.c

@@ -1446,7 +1446,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
 			else
 #endif
 #if !defined(OPENSSL_NO_ECDSA)
-				if (pkey->type == EVP_PKEY_ECDSA)
+				if (pkey->type == EVP_PKEY_EC)
 				{
 				/* let's do ECDSA */
 				EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
@@ -2001,7 +2001,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 				 }
                         if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer))
 			    == NULL) || 
-			    (clnt_pub_pkey->type != EVP_PKEY_ECDSA))
+			    (clnt_pub_pkey->type != EVP_PKEY_EC))
                         	{
 				/* XXX: For now, we do not support client
 				 * authentication using ECDH certificates
@@ -2228,7 +2228,7 @@ static int ssl3_get_cert_verify(SSL *s)
 	else
 #endif
 #ifndef OPENSSL_NO_ECDSA
-		if (pkey->type == EVP_PKEY_ECDSA)
+		if (pkey->type == EVP_PKEY_EC)
 		{
 		j=ECDSA_verify(pkey->save_type,
 			&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),