authorShane Lontis <shane.lontis@oracle.com>2020-01-12 11:32:12 +1000
committerShane Lontis <shane.lontis@oracle.com>2020-01-12 11:32:12 +1000
commite683582bf37de45a9512aea7ff33b9a3ebdf07f4 (patch)
tree3a8c7e4f3ae908816ef57c15e56b619daa1430ac /crypto/evp/pmeth_gn.c
parente0e68f9e34585084038fba768fb2eecb5dd1ddf3 (diff)
Add dsa signature alg to fips provider
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10615)
Diffstat (limited to 'crypto/evp/pmeth_gn.c')
-rw-r--r--crypto/evp/pmeth_gn.c174
1 files changed, 91 insertions, 83 deletions
diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index 100931cda7..14c5fd4b99 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -17,89 +17,7 @@
#include "crypto/evp.h"
#include "evp_local.h"
-static int fromdata_init(EVP_PKEY_CTX *ctx, int operation)
-{
- if (ctx == NULL || ctx->keytype == NULL)
- goto not_supported;
-
- evp_pkey_ctx_free_old_ops(ctx);
- ctx->operation = operation;
- if (ctx->keymgmt == NULL)
- ctx->keymgmt = EVP_KEYMGMT_fetch(NULL, ctx->keytype, ctx->propquery);
- if (ctx->keymgmt == NULL)
- goto not_supported;
-
- return 1;
-
- not_supported:
- ctx->operation = EVP_PKEY_OP_UNDEFINED;
- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
- return -2;
-}
-
-int EVP_PKEY_param_fromdata_init(EVP_PKEY_CTX *ctx)
-{
- return fromdata_init(ctx, EVP_PKEY_OP_PARAMFROMDATA);
-}
-
-int EVP_PKEY_key_fromdata_init(EVP_PKEY_CTX *ctx)
-{
- return fromdata_init(ctx, EVP_PKEY_OP_KEYFROMDATA);
-}
-
-int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, OSSL_PARAM params[])
-{
- void *provdata = NULL;
-
- if (ctx == NULL || (ctx->operation & EVP_PKEY_OP_TYPE_FROMDATA) == 0) {
- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
- return -2;
- }
-
- if (ppkey == NULL)
- return -1;
-
- if (*ppkey == NULL)
- *ppkey = EVP_PKEY_new();
-
- if (*ppkey == NULL) {
- ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
- return -1;
- }
-
- provdata =
- evp_keymgmt_fromdata(*ppkey, ctx->keymgmt, params,
- ctx->operation == EVP_PKEY_OP_PARAMFROMDATA);
-
- if (provdata == NULL)
- return 0;
- /* provdata is cached in *ppkey, so we need not bother with it further */
- return 1;
-}
-
-/*
- * TODO(3.0) Re-evaluate the names, it's possible that we find these to be
- * better:
- *
- * EVP_PKEY_param_settable()
- * EVP_PKEY_param_gettable()
- */
-const OSSL_PARAM *EVP_PKEY_param_fromdata_settable(EVP_PKEY_CTX *ctx)
-{
- /* We call fromdata_init to get ctx->keymgmt populated */
- if (fromdata_init(ctx, EVP_PKEY_OP_UNDEFINED))
- return evp_keymgmt_importdomparam_types(ctx->keymgmt);
- return NULL;
-}
-
-const OSSL_PARAM *EVP_PKEY_key_fromdata_settable(EVP_PKEY_CTX *ctx)
-{
- /* We call fromdata_init to get ctx->keymgmt populated */
- if (fromdata_init(ctx, EVP_PKEY_OP_UNDEFINED))
- return evp_keymgmt_importdomparam_types(ctx->keymgmt);
- return NULL;
-}
-
+#ifndef FIPS_MODE
int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
{
int ret;
@@ -321,3 +239,93 @@ int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
return pkey->ameth->pkey_param_check(pkey);
}
+
+#endif /* FIPS_MODE */
+
+/*- All methods below can also be used in FIPS_MODE */
+
+static int fromdata_init(EVP_PKEY_CTX *ctx, int operation)
+{
+ if (ctx == NULL || ctx->keytype == NULL)
+ goto not_supported;
+
+ evp_pkey_ctx_free_old_ops(ctx);
+ ctx->operation = operation;
+ if (ctx->keymgmt == NULL)
+ ctx->keymgmt = EVP_KEYMGMT_fetch(ctx->libctx, ctx->keytype,
+ ctx->propquery);
+ if (ctx->keymgmt == NULL)
+ goto not_supported;
+
+ return 1;
+
+ not_supported:
+ ctx->operation = EVP_PKEY_OP_UNDEFINED;
+ ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ return -2;
+}
+
+int EVP_PKEY_param_fromdata_init(EVP_PKEY_CTX *ctx)
+{
+ return fromdata_init(ctx, EVP_PKEY_OP_PARAMFROMDATA);
+}
+
+int EVP_PKEY_key_fromdata_init(EVP_PKEY_CTX *ctx)
+{
+ return fromdata_init(ctx, EVP_PKEY_OP_KEYFROMDATA);
+}
+
+int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, OSSL_PARAM params[])
+{
+ void *provdata = NULL;
+
+ if (ctx == NULL || (ctx->operation & EVP_PKEY_OP_TYPE_FROMDATA) == 0) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ return -2;
+ }
+
+ if (ppkey == NULL)
+ return -1;
+
+ if (*ppkey == NULL)
+ *ppkey = EVP_PKEY_new();
+
+ if (*ppkey == NULL) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+
+ provdata =
+ evp_keymgmt_fromdata(*ppkey, ctx->keymgmt, params,
+ ctx->operation == EVP_PKEY_OP_PARAMFROMDATA);
+
+ if (provdata == NULL)
+ return 0;
+ /* provdata is cached in *ppkey, so we need not bother with it further */
+ return 1;
+}
+
+/*
+ * TODO(3.0) Re-evaluate the names, it's possible that we find these to be
+ * better:
+ *
+ * EVP_PKEY_param_settable()
+ * EVP_PKEY_param_gettable()
+ */
+const OSSL_PARAM *EVP_PKEY_param_fromdata_settable(EVP_PKEY_CTX *ctx)
+{
+ /* We call fromdata_init to get ctx->keymgmt populated */
+ if (fromdata_init(ctx, EVP_PKEY_OP_UNDEFINED))
+ return evp_keymgmt_importdomparam_types(ctx->keymgmt);
+ return NULL;
+}
+
+const OSSL_PARAM *EVP_PKEY_key_fromdata_settable(EVP_PKEY_CTX *ctx)
+{
+ /* We call fromdata_init to get ctx->keymgmt populated */
+ if (fromdata_init(ctx, EVP_PKEY_OP_UNDEFINED))
+ return evp_keymgmt_importdomparam_types(ctx->keymgmt);
+ return NULL;
+}
+
+
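Review bot: `fromdata_init` dereferences `ctx` on the failure path of its own NULL check: `ctx == NULL` jumps to `not_supported`, where `ctx->operation = EVP_PKEY_OP_UNDEFINED;` runs unconditionally, so that assignment should be guarded with `if (ctx != NULL)`. Both `*_fromdata_settable` functions test `if (fromdata_init(ctx, EVP_PKEY_OP_UNDEFINED))`, which is also true for the -2 failure return, so a failed init still reaches `ctx->keymgmt`; compare explicitly with `if (fromdata_init(ctx, EVP_PKEY_OP_UNDEFINED) == 1)`. These lines are moved unchanged from the top of the file, so the behaviour predates this commit, but the added comment says they are now also built in FIPS_MODE, which makes the move a good moment to fix them. Separately, `EVP_PKEY_key_fromdata_settable` returns `evp_keymgmt_importdomparam_types(ctx->keymgmt)`, the same call as the param variant, which looks like a copy-paste slip; confirm whether the key-import type list was intended.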