diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2020-04-15 21:02:52 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2020-04-15 21:02:52 +1000 |
| commit | b03ec3b5d62ee26bf8437556b9040d4141d5bdd8 (patch) | |
| tree | 1f27a892757c24efab70d2fb8f93110f71c0fbb3 /crypto/dh | |
| parent | 09b3654096ed344edd78cf156cb3ddcdbced6f9a (diff) | |
Add DSA keygen to provider
Moved some shared FFC code into the FFC files.
Added extra paramgen parameters for seed, gindex.
Fixed bug in ossl_prov util to print bignums.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11303)
Diffstat (limited to 'crypto/dh')
| -rw-r--r-- | crypto/dh/dh_ameth.c | 4 | ||||
| -rw-r--r-- | crypto/dh/dh_group_params.c | 28 | ||||
| -rw-r--r-- | crypto/dh/dh_key.c | 9 |
3 files changed, 36 insertions, 5 deletions
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index f5bcee2460..9c1fa0388d 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -24,7 +24,7 @@ #include "crypto/evp.h" #include <openssl/cms.h> #include <openssl/core_names.h> -#include "openssl/param_build.h" +#include <openssl/param_build.h> #include "internal/ffc.h" /* @@ -558,7 +558,7 @@ static int dh_pkey_import_from(const OSSL_PARAM params[], void *key) return 0; } - if (!ffc_fromdata(dh_get0_params(dh), params) + if (!ffc_params_fromdata(dh_get0_params(dh), params) || !dh_key_fromdata(dh, params) || !EVP_PKEY_assign_DH(pkey, dh)) { DH_free(dh); diff --git a/crypto/dh/dh_group_params.c b/crypto/dh/dh_group_params.c index d672ae3034..cc1c546655 100644 --- a/crypto/dh/dh_group_params.c +++ b/crypto/dh/dh_group_params.c @@ -23,12 +23,14 @@ #include "crypto/bn_dh.h" #include "crypto/dh.h" #include "crypto/security_bits.h" +#include "e_os.h" /* strcasecmp */ -#define FFDHE(sz) { NID_ffdhe##sz, sz, &_bignum_ffdhe##sz##_p } -#define MODP(sz) { NID_modp_##sz, sz, &_bignum_modp_##sz##_p } +#define FFDHE(sz) { SN_ffdhe##sz, NID_ffdhe##sz, sz, &_bignum_ffdhe##sz##_p } +#define MODP(sz) { SN_modp_##sz, NID_modp_##sz, sz, &_bignum_modp_##sz##_p } typedef struct safe_prime_group_st { + const char *name; int nid; int32_t nbits; const BIGNUM *p; @@ -50,6 +52,28 @@ static const SP_GROUP sp_groups[] = { MODP(8192), }; +int ffc_named_group_to_nid(const char *name) +{ + size_t i; + + for (i = 0; i < OSSL_NELEM(sp_groups); ++i) { + if (strcasecmp(sp_groups[i].name, name) == 0) + return sp_groups[i].nid; + } + return NID_undef; +} + +const char *ffc_named_group_from_nid(int nid) +{ + size_t i; + + for (i = 0; i < OSSL_NELEM(sp_groups); ++i) { + if (sp_groups[i].nid == nid) + return sp_groups[i].name; + } + return NULL; +} + #ifndef FIPS_MODE static DH *dh_new_by_nid_with_ctx(OPENSSL_CTX *libctx, int nid); diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index ab2e25ea87..e46946153b 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -19,6 +19,12 @@ #include "crypto/bn.h" #include "crypto/dh.h" +#ifdef FIPS_MODE +# define MIN_STRENGTH 112 +#else +# define MIN_STRENGTH 80 +#endif + static int generate_key(DH *dh); static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -287,7 +293,8 @@ static int generate_key(DH *dh) * Max Private key size N = len(q) */ if (!ffc_generate_private_key(ctx, &dh->params, - BN_num_bits(dh->params.q), 112, + BN_num_bits(dh->params.q), + MIN_STRENGTH, priv_key)) goto err; } |