diff options
| author | Matt Caswell <matt@openssl.org> | 2018-03-15 12:19:16 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2018-03-15 12:47:27 +0000 |
| commit | f929439f61e7e4cf40e06de56880758b5344f198 (patch) | |
| tree | 648214966a8152d218f81d3420b56fffdf744da4 | |
| parent | e8f9f08f17e4f15ee737115d336d110dc8dea0ec (diff) | |
Rename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key()
Renamed to EVP_PKEY_new_raw_private_key()/EVP_new_raw_public_key() as per
feedback.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
| -rw-r--r-- | apps/dgst.c | 4 | ||||
| -rw-r--r-- | crypto/err/openssl.txt | 4 | ||||
| -rw-r--r-- | crypto/evp/evp_err.c | 8 | ||||
| -rw-r--r-- | crypto/evp/p_lib.c | 20 | ||||
| -rw-r--r-- | crypto/kdf/tls1_prf.c | 2 | ||||
| -rw-r--r-- | doc/man3/EVP_PKEY_ASN1_METHOD.pod | 4 | ||||
| -rw-r--r-- | doc/man3/EVP_PKEY_CTX_ctrl.pod | 4 | ||||
| -rw-r--r-- | doc/man3/EVP_PKEY_new.pod | 44 | ||||
| -rw-r--r-- | doc/man7/Ed25519.pod | 12 | ||||
| -rw-r--r-- | doc/man7/X25519.pod | 12 | ||||
| -rw-r--r-- | include/openssl/evp.h | 12 | ||||
| -rw-r--r-- | include/openssl/evperr.h | 4 | ||||
| -rw-r--r-- | ssl/statem/extensions.c | 4 | ||||
| -rw-r--r-- | ssl/statem/extensions_srvr.c | 14 | ||||
| -rw-r--r-- | ssl/t1_enc.c | 4 | ||||
| -rw-r--r-- | ssl/tls13_enc.c | 8 | ||||
| -rw-r--r-- | test/evp_test.c | 8 | ||||
| -rw-r--r-- | util/libcrypto.num | 4 |
18 files changed, 87 insertions, 85 deletions
diff --git a/apps/dgst.c b/apps/dgst.c index d5646c91e2..4bf20f33e5 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -277,8 +277,8 @@ int dgst_main(int argc, char **argv) } if (hmac_key != NULL) { - sigkey = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, impl, - (unsigned char *)hmac_key, -1); + sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl, + (unsigned char *)hmac_key, -1); if (sigkey == NULL) goto end; } diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 1e396adfe1..896c089da6 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -704,8 +704,8 @@ EVP_F_EVP_PKEY_KEYGEN:146:EVP_PKEY_keygen EVP_F_EVP_PKEY_KEYGEN_INIT:147:EVP_PKEY_keygen_init EVP_F_EVP_PKEY_NEW:106:EVP_PKEY_new EVP_F_EVP_PKEY_NEW_CMAC_KEY:193:EVP_PKEY_new_CMAC_key -EVP_F_EVP_PKEY_NEW_PRIVATE_KEY:191:EVP_PKEY_new_private_key -EVP_F_EVP_PKEY_NEW_PUBLIC_KEY:192:EVP_PKEY_new_public_key +EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY:191:EVP_PKEY_new_raw_private_key +EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY:192:EVP_PKEY_new_raw_public_key EVP_F_EVP_PKEY_PARAMGEN:148:EVP_PKEY_paramgen EVP_F_EVP_PKEY_PARAMGEN_INIT:149:EVP_PKEY_paramgen_init EVP_F_EVP_PKEY_PARAM_CHECK:189:EVP_PKEY_param_check diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 7ab2a249fd..8678abd5b4 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -95,10 +95,10 @@ static const ERR_STRING_DATA EVP_str_functs[] = { {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW, 0), "EVP_PKEY_new"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_CMAC_KEY, 0), "EVP_PKEY_new_CMAC_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_PRIVATE_KEY, 0), - "EVP_PKEY_new_private_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_PUBLIC_KEY, 0), - "EVP_PKEY_new_public_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, 0), + "EVP_PKEY_new_raw_private_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, 0), + "EVP_PKEY_new_raw_public_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAMGEN, 0), "EVP_PKEY_paramgen"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAMGEN_INIT, 0), "EVP_PKEY_paramgen_init"}, diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 073d2df888..c1b3393aa9 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -220,9 +220,9 @@ static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, return 1; } -EVP_PKEY *EVP_PKEY_new_private_key(int type, ENGINE *e, - const unsigned char *priv, - size_t len) +EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, + const unsigned char *priv, + size_t len) { EVP_PKEY *ret = EVP_PKEY_new(); @@ -233,13 +233,13 @@ EVP_PKEY *EVP_PKEY_new_private_key(int type, ENGINE *e, } if (ret->ameth->set_priv_key == NULL) { - EVPerr(EVP_F_EVP_PKEY_NEW_PRIVATE_KEY, + EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); goto err; } if (!ret->ameth->set_priv_key(ret, priv, len)) { - EVPerr(EVP_F_EVP_PKEY_NEW_PRIVATE_KEY, EVP_R_KEY_SETUP_FAILED); + EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, EVP_R_KEY_SETUP_FAILED); goto err; } @@ -250,9 +250,9 @@ EVP_PKEY *EVP_PKEY_new_private_key(int type, ENGINE *e, return NULL; } -EVP_PKEY *EVP_PKEY_new_public_key(int type, ENGINE *e, - const unsigned char *pub, - size_t len) +EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, + const unsigned char *pub, + size_t len) { EVP_PKEY *ret = EVP_PKEY_new(); @@ -263,13 +263,13 @@ EVP_PKEY *EVP_PKEY_new_public_key(int type, ENGINE *e, } if (ret->ameth->set_pub_key == NULL) { - EVPerr(EVP_F_EVP_PKEY_NEW_PUBLIC_KEY, + EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); goto err; } if (!ret->ameth->set_pub_key(ret, pub, len)) { - EVPerr(EVP_F_EVP_PKEY_NEW_PUBLIC_KEY, EVP_R_KEY_SETUP_FAILED); + EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, EVP_R_KEY_SETUP_FAILED); goto err; } diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c index f618362c0a..fb7d2ce36f 100644 --- a/crypto/kdf/tls1_prf.c +++ b/crypto/kdf/tls1_prf.c @@ -193,7 +193,7 @@ static int tls1_prf_P_hash(const EVP_MD *md, if (ctx == NULL || ctx_tmp == NULL || ctx_init == NULL) goto err; EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - mac_key = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, NULL, sec, sec_len); + mac_key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, sec, sec_len); if (mac_key == NULL) goto err; if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key)) diff --git a/doc/man3/EVP_PKEY_ASN1_METHOD.pod b/doc/man3/EVP_PKEY_ASN1_METHOD.pod index 9b635c480e..eb15e4288d 100644 --- a/doc/man3/EVP_PKEY_ASN1_METHOD.pod +++ b/doc/man3/EVP_PKEY_ASN1_METHOD.pod @@ -345,8 +345,8 @@ L<EVP_PKEY_param_check(3)> respectively. The set_priv_key() and set_pub_key() methods are used to set the raw private and public key data for an EVP_PKEY. They MUST return 0 on error, or 1 on success. -They are called by L<EVP_PKEY_new_private_key(3)>, and -L<EVP_PKEY_new_public_key(3)> respectively. +They are called by L<EVP_PKEY_new_raw_private_key(3)>, and +L<EVP_PKEY_new_raw_public_key(3)> respectively. =head2 Functions diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod index ed4fd80917..bfc5c85c49 100644 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -88,10 +88,10 @@ allow private key data to be set explicitly using the EVP_PKEY_CTX_set_mac_key() macro. In this case key generation is simply the process of setting up the parameters for the key and then setting the raw key data to the value explicitly provided by that macro. Normally applications would call -L<EVP_PKEY_new_private_key(3)> or similar functions instead of this macro. +L<EVP_PKEY_new_raw_private_key(3)> or similar functions instead of this macro. The EVP_PKEY_CTX_set_mac_key() macro can be used with any of the algorithms -supported by the L<EVP_PKEY_new_private_key(3)> function. +supported by the L<EVP_PKEY_new_raw_private_key(3)> function. The macro EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for B<ctx>. The B<pad> parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding, diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod index e426a38c98..98a0dd158a 100644 --- a/doc/man3/EVP_PKEY_new.pod +++ b/doc/man3/EVP_PKEY_new.pod @@ -5,8 +5,8 @@ EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free, -EVP_PKEY_new_private_key, -EVP_PKEY_new_public_key, +EVP_PKEY_new_raw_private_key, +EVP_PKEY_new_raw_public_key, EVP_PKEY_new_CMAC_key, EVP_PKEY_new_mac_key - public/private key allocation functions @@ -19,10 +19,10 @@ EVP_PKEY_new_mac_key int EVP_PKEY_up_ref(EVP_PKEY *key); void EVP_PKEY_free(EVP_PKEY *key); - EVP_PKEY *EVP_PKEY_new_private_key(int type, ENGINE *e, - const unsigned char *key, size_t keylen); - EVP_PKEY *EVP_PKEY_new_public_key(int type, ENGINE *e, - const unsigned char *key, size_t keylen); + EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, + const unsigned char *key, size_t keylen); + EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, + const unsigned char *key, size_t keylen); EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len, const EVP_CIPHER *cipher); EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, @@ -38,10 +38,10 @@ EVP_PKEY_up_ref() increments the reference count of B<key>. EVP_PKEY_free() decrements the reference count of B<key> and, if the reference count is zero, frees it up. If B<key> is NULL, nothing is done. -EVP_PKEY_new_private_key() allocates a new B<EVP_PKEY>. If B<e> is non-NULL then -the new B<EVP_PKEY> structure is associated with the engine B<e>. The B<type> -argument indicates what kind of key this is. The value should be a NID for a -public key algorithm that supports raw private keys, i.e. one of +EVP_PKEY_new_raw_private_key() allocates a new B<EVP_PKEY>. If B<e> is non-NULL +then the new B<EVP_PKEY> structure is associated with the engine B<e>. The +B<type> argument indicates what kind of key this is. The value should be a NID +for a public key algorithm that supports raw private keys, i.e. one of B<EVP_PKEY_HMAC>, B<EVP_PKEY_POLY1305>, B<EVP_PKEY_SIPHASH>, B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>. B<key> points to the raw private key data for this B<EVP_PKEY> which should be of length B<keylen>. @@ -49,19 +49,19 @@ The length should be appropriate for the type of the key. The public key data will be automatically derived from the given private key data (if appropriate for the algorithm type). -EVP_PKEY_new_public_key() works in the same way as EVP_PKEY_new_private_key() -except that B<key> points to the raw public key data. The B<EVP_PKEY> structure -will be initialised without any private key information. Algorithm types that -support raw public keys are B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>, -B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>. +EVP_PKEY_new_raw_public_key() works in the same way as +EVP_PKEY_new_raw_private_key() except that B<key> points to the raw public key +data. The B<EVP_PKEY> structure will be initialised without any private key +information. Algorithm types that support raw public keys are +B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>. -EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_private_key() +EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_raw_private_key() except it is only for the B<EVP_PKEY_CMAC> algorithm type. In addition to the raw private key data, it also takes a cipher algorithm to be used during creation of a CMAC in the B<cipher> argument. -EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_private_key(). New -applications should use EVP_PKEY_new_private_key() instead. +EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key(). +New applications should use EVP_PKEY_new_raw_private_key() instead. =head1 NOTES @@ -74,7 +74,7 @@ used. =head1 RETURN VALUES -EVP_PKEY_new(), EVP_PKEY_new_private_key(), EVP_PKEY_new_public_key(), +EVP_PKEY_new(), EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(), EVP_PKEY_new_CMAC_key() and EVP_PKEY_new_mac_key() return either the newly allocated B<EVP_PKEY> structure or B<NULL> if an error occurred. @@ -88,9 +88,9 @@ L<EVP_PKEY_set1_RSA(3)> EVP_PKEY_new() and EVP_PKEY_free() exist in all versions of OpenSSL. -EVP_PKEY_up_ref() was first added to OpenSSL 1.1.0. EVP_PKEY_new_private_key(), -EVP_PKEY_new_public_key() and EVP_PKEY_new_CMAC_key() were first added to -OpenSSL 1.1.1. +EVP_PKEY_up_ref() was first added to OpenSSL 1.1.0. +EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key() and +EVP_PKEY_new_CMAC_key() were first added to OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man7/Ed25519.pod b/doc/man7/Ed25519.pod index f2f6fb2a32..eacc05f2ed 100644 --- a/doc/man7/Ed25519.pod +++ b/doc/man7/Ed25519.pod @@ -40,14 +40,14 @@ For the B<Ed448> algorithm a context can be obtained by calling: EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED448, NULL); Ed25519 or Ed448 private keys can be set directly using -L<EVP_PKEY_new_private_key(3)> or loaded from a PKCS#8 private key file using -L<PEM_read_bio_PrivateKey(3)> (or similar function). Completely new keys can -also be generated (see the example below). Setting a private key also sets the -associated public key. +L<EVP_PKEY_new_raw_private_key(3)> or loaded from a PKCS#8 private key file +using L<PEM_read_bio_PrivateKey(3)> (or similar function). Completely new keys +can also be generated (see the example below). Setting a private key also sets +the associated public key. Ed25519 or Ed448 public keys can be set directly using -L<EVP_PKEY_new_public_key(3)> or loaded from a SubjectPublicKeyInfo structure -in a PEM file using L<PEM_read_bio_PUBKEY(3)> (or similar function). +L<EVP_PKEY_new_raw_public_key(3)> or loaded from a SubjectPublicKeyInfo +structure in a PEM file using L<PEM_read_bio_PUBKEY(3)> (or similar function). =head1 EXAMPLE diff --git a/doc/man7/X25519.pod b/doc/man7/X25519.pod index f1a9c4928e..7cb6ff6b3b 100644 --- a/doc/man7/X25519.pod +++ b/doc/man7/X25519.pod @@ -28,14 +28,14 @@ For the B<X448> algorithm a context can be obtained by calling: EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X448, NULL); X25519 or X448 private keys can be set directly using -L<EVP_PKEY_new_private_key(3)> or loaded from a PKCS#8 private key file using -L<PEM_read_bio_PrivateKey(3)> (or similar function). Completely new keys can -also be generated (see the example below). Setting a private key also sets the -associated public key. +L<EVP_PKEY_new_raw_private_key(3)> or loaded from a PKCS#8 private key file +using L<PEM_read_bio_PrivateKey(3)> (or similar function). Completely new keys +can also be generated (see the example below). Setting a private key also sets +the associated public key. X25519 or X448 public keys can be set directly using -L<EVP_PKEY_new_public_key(3)> or loaded from a SubjectPublicKeyInfo structure -in a PEM file using L<PEM_read_bio_PUBKEY(3)> (or similar function). +L<EVP_PKEY_new_raw_public_key(3)> or loaded from a SubjectPublicKeyInfo +structure in a PEM file using L<PEM_read_bio_PUBKEY(3)> (or similar function). =head1 EXAMPLE diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 055f2b7df3..8b81b12362 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1347,12 +1347,12 @@ void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, int keylen); -EVP_PKEY *EVP_PKEY_new_private_key(int type, ENGINE *e, - const unsigned char *priv, - size_t len); -EVP_PKEY *EVP_PKEY_new_public_key(int type, ENGINE *e, - const unsigned char *pub, - size_t len); +EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, + const unsigned char *priv, + size_t len); +EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, + const unsigned char *pub, + size_t len); EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len, const EVP_CIPHER *cipher); diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 3cdd554f31..b269a8e0de 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -79,8 +79,8 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_PKEY_KEYGEN_INIT 147 # define EVP_F_EVP_PKEY_NEW 106 # define EVP_F_EVP_PKEY_NEW_CMAC_KEY 193 -# define EVP_F_EVP_PKEY_NEW_PRIVATE_KEY 191 -# define EVP_F_EVP_PKEY_NEW_PUBLIC_KEY 192 +# define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY 191 +# define EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY 192 # define EVP_F_EVP_PKEY_PARAMGEN 148 # define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 # define EVP_F_EVP_PKEY_PARAM_CHECK 189 diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 9b8fc43bf1..7f9fd5f02e 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1559,8 +1559,8 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, goto err; } - mackey = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, NULL, finishedkey, - hashsize); + mackey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finishedkey, + hashsize); if (mackey == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, ERR_R_INTERNAL_ERROR); diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 0f997c40f5..7c9a3f7a6a 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -752,9 +752,10 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, /* Verify the HMAC of the cookie */ hctx = EVP_MD_CTX_create(); - pkey = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, NULL, - s->session_ctx->ext.cookie_hmac_key, - sizeof(s->session_ctx->ext.cookie_hmac_key)); + pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, + s->session_ctx->ext.cookie_hmac_key, + sizeof(s->session_ctx->ext + .cookie_hmac_key)); if (hctx == NULL || pkey == NULL) { EVP_MD_CTX_free(hctx); EVP_PKEY_free(pkey); @@ -1762,9 +1763,10 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, /* HMAC the cookie */ hctx = EVP_MD_CTX_create(); - pkey = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, NULL, - s->session_ctx->ext.cookie_hmac_key, - sizeof(s->session_ctx->ext.cookie_hmac_key)); + pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, + s->session_ctx->ext.cookie_hmac_key, + sizeof(s->session_ctx->ext + .cookie_hmac_key)); if (hctx == NULL || pkey == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, ERR_R_MALLOC_FAILURE); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index a9e28bcd90..bd7ff50c21 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -257,8 +257,8 @@ int tls1_change_cipher_state(SSL *s, int which) if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) { /* TODO(size_t): Convert this function */ - mac_key = EVP_PKEY_new_private_key(mac_type, NULL, - mac_secret, (int)*mac_secret_size); + mac_key = EVP_PKEY_new_raw_private_key(mac_type, NULL, mac_secret, + (int)*mac_secret_size); if (mac_key == NULL || EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) { EVP_PKEY_free(mac_key); diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 23a2c59ecf..08fbee59fa 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -248,11 +248,11 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, } if (str == s->method->ssl3_enc->server_finished_label) - key = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, NULL, - s->server_finished_secret, hashlen); + key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, + s->server_finished_secret, hashlen); else - key = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, NULL, - s->client_finished_secret, hashlen); + key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, + s->client_finished_secret, hashlen); if (key == NULL || ctx == NULL diff --git a/test/evp_test.c b/test/evp_test.c index a804a9f73a..3e237b014b 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -915,8 +915,8 @@ static int mac_test_run(EVP_TEST *t) key = EVP_PKEY_new_CMAC_key(NULL, expected->key, expected->key_len, EVP_get_cipherbyname(expected->alg)); else - key = EVP_PKEY_new_private_key(expected->type, NULL, expected->key, - expected->key_len); + key = EVP_PKEY_new_raw_private_key(expected->type, NULL, expected->key, + expected->key_len); if (key == NULL) { t->err = "MAC_KEY_CREATE_ERROR"; goto err; @@ -2486,9 +2486,9 @@ top: return 0; } if (klist == &private_keys) - pkey = EVP_PKEY_new_private_key(nid, NULL, keybin, keylen); + pkey = EVP_PKEY_new_raw_private_key(nid, NULL, keybin, keylen); else - pkey = EVP_PKEY_new_public_key(nid, NULL, keybin, keylen); + pkey = EVP_PKEY_new_raw_public_key(nid, NULL, keybin, keylen); if (pkey == NULL) { TEST_info("Can't read %s data", pp->key); OPENSSL_free(keybin); diff --git a/util/libcrypto.num b/util/libcrypto.num index 1c6efc7fb6..a965bb54ef 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4522,8 +4522,8 @@ OSSL_STORE_LOADER_set_find 4463 1_1_1 EXIST::FUNCTION: OSSL_STORE_SEARCH_free 4464 1_1_1 EXIST::FUNCTION: OSSL_STORE_SEARCH_get0_digest 4465 1_1_1 EXIST::FUNCTION: RAND_DRBG_set_reseed_defaults 4466 1_1_1 EXIST::FUNCTION: -EVP_PKEY_new_private_key 4467 1_1_1 EXIST::FUNCTION: -EVP_PKEY_new_public_key 4468 1_1_1 EXIST::FUNCTION: +EVP_PKEY_new_raw_private_key 4467 1_1_1 EXIST::FUNCTION: +EVP_PKEY_new_raw_public_key 4468 1_1_1 EXIST::FUNCTION: EVP_PKEY_new_CMAC_key 4469 1_1_1 EXIST::FUNCTION: EVP_PKEY_asn1_set_set_priv_key 4470 1_1_1 EXIST::FUNCTION: EVP_PKEY_asn1_set_set_pub_key 4471 1_1_1 EXIST::FUNCTION: |