diff options
| author | Richard Levitte <levitte@openssl.org> | 2020-03-23 05:40:47 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2020-03-25 17:01:32 +0100 |
| commit | 0abae1636d7054266dd20724c0d5e06617d9f679 (patch) | |
| tree | 2237cb7a395a335ba4da5a530d2116b3e5f0e3aa /crypto/dh/dh_backend.c | |
| parent | ff7262b4f4dfade7d2d6e05dcd3727ecc2bc7a5c (diff) | |
EVP: Implement support for key downgrading in backends
Downgrading EVP_PKEYs from containing provider side internal keys to
containing legacy keys demands support in the EVP_PKEY_ASN1_METHOD.
This became a bit elaborate because the code would be almost exactly
the same as the import functions int EVP_KEYMGMT. Therefore, we end
up moving most of the code to common backend support files that can be
used both by legacy backend code and by our providers.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11375)
Diffstat (limited to 'crypto/dh/dh_backend.c')
| -rw-r--r-- | crypto/dh/dh_backend.c | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c new file mode 100644 index 0000000000..bbeb096d55 --- /dev/null +++ b/crypto/dh/dh_backend.c @@ -0,0 +1,56 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <openssl/core_names.h> +#include "crypto/dh.h" + +/* + * The intention with the "backend" source file is to offer backend functions + * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider + * implementations alike. + */ + +int dh_key_fromdata(DH *dh, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *param_priv_key, *param_pub_key; + BIGNUM *priv_key = NULL, *pub_key = NULL; + + if (dh == NULL) + return 0; + + param_priv_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); + param_pub_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); + + /* + * DH documentation says that a public key must be present if a + * private key is present. + * We want to have at least a public key either way, so we end up + * requiring it unconditionally. + */ + if (param_priv_key != NULL && param_pub_key == NULL) + return 0; + + if ((param_priv_key != NULL + && !OSSL_PARAM_get_BN(param_priv_key, &priv_key)) + || (param_pub_key != NULL + && !OSSL_PARAM_get_BN(param_pub_key, &pub_key))) + goto err; + + if (!DH_set0_key(dh, pub_key, priv_key)) + goto err; + + return 1; + + err: + BN_clear_free(priv_key); + BN_free(pub_key); + return 0; +} |