author | Richard Levitte <levitte@openssl.org> | 2020-12-01 19:11:59 +0100 |
committer | Richard Levitte <levitte@openssl.org> | 2020-12-16 11:55:39 +0100 |
commit | c829c23b67308ad8e8ab677c78db1d5151106c3c (patch) | |
tree | a1b4b7aeb5cc3093db9df76e06e02ce18f1653ed /crypto/evp/pmeth_lib.c | |
parent | d33ab074ef9847b67d96961f85f4ad614395d2c2 (diff) |
EVP_PKEY & DH: Make DH EVP_PKEY_CTX parameter ctrls / setters more available
EVP_PKEY_CTX_set_dh_ functions were only available when DH was enabled
('no-dsa' not configured). However, that makes it impossible to use
these functions with an engine or a provider that happens to implement
DH. This change solves that problem by shuffling these functions to
more appropriate places.
As a consequence, there are a number of places where we can remove the
check of OPENSSL_NO_DH. This requires some re-arrangements of
internal tables to translate between numeric identities and names.
Partially fixes #13550
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)
Diffstat (limited to 'crypto/evp/pmeth_lib.c')
-rw-r--r-- | crypto/evp/pmeth_lib.c | 33 |
1 files changed, 4 insertions, 29 deletions
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 7364a148a6..58ca1d1d93 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -834,30 +834,6 @@ int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
 return EVP_PKEY_CTX_get_params(ctx, params);
 }
 
-# ifndef OPENSSL_NO_DH
-int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad)
-{
- OSSL_PARAM dh_pad_params[2];
- unsigned int upad = pad;
-
- /* We use EVP_PKEY_CTX_ctrl return values */
- if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
- ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
- return -2;
- }
-
- /* TODO(3.0): Remove this eventually when no more legacy */
- if (ctx->op.kex.exchprovctx == NULL)
- return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE,
- EVP_PKEY_CTRL_DH_PAD, pad, NULL);
-
- dh_pad_params[0] = OSSL_PARAM_construct_uint(OSSL_EXCHANGE_PARAM_PAD, &upad);
- dh_pad_params[1] = OSSL_PARAM_construct_end();
-
- return EVP_PKEY_CTX_set_params(ctx, dh_pad_params);
-}
-# endif
-
 int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md)
 {
 OSSL_PARAM sig_md_params[2], *p = sig_md_params;
@@ -1252,7 +1228,6 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype,
 return evp_pkey_ctx_get1_id_len_prov(ctx, p2);
 }
 
-# ifndef OPENSSL_NO_DH
 if (keytype == EVP_PKEY_DHX) {
 switch (cmd) {
 case EVP_PKEY_CTRL_DH_KDF_TYPE:
@@ -1291,7 +1266,6 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype,
 return EVP_PKEY_CTX_set_dh_rfc5114(ctx, p1);
 }
 }
-# endif
 # ifndef OPENSSL_NO_DSA
 if (keytype == EVP_PKEY_DSA) {
 switch (cmd) {
@@ -1579,7 +1553,6 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name,
 else if (strcmp(name, "dsa_paramgen_md") == 0)
 name = OSSL_PKEY_PARAM_FFC_DIGEST;
 # endif
-# ifndef OPENSSL_NO_DH
 else if (strcmp(name, "dh_paramgen_generator") == 0)
 name = OSSL_PKEY_PARAM_DH_GENERATOR;
 else if (strcmp(name, "dh_paramgen_prime_len") == 0)
@@ -1592,11 +1565,13 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name,
 } else if (strcmp(name, "dh_param") == 0)
 name = OSSL_PKEY_PARAM_GROUP_NAME;
 else if (strcmp(name, "dh_rfc5114") == 0) {
+ int num = atoi(value);
+
 name = OSSL_PKEY_PARAM_GROUP_NAME;
- value = ossl_ffc_named_group_from_uid(atoi(value));
+ value =
+ ossl_ffc_named_group_get_name(ossl_ffc_uid_to_dh_named_group(num));
 } else if (strcmp(name, "dh_pad") == 0)
 name = OSSL_EXCHANGE_PARAM_PAD;
-# endif
 # ifndef OPENSSL_NO_EC
 else if (strcmp(name, "ec_paramgen_curve") == 0)
 name = OSSL_PKEY_PARAM_GROUP_NAME;
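Review bot: The new `dh_rfc5114` branch passes `num` straight from atoi(value) into ossl_ffc_uid_to_dh_named_group() and never checks that the lookup succeeded, so an unrecognised or non-numeric string (atoi() yields 0 for garbage and is undefined on out-of-range input) leaves `value` set to whatever ossl_ffc_named_group_get_name() returns for a failed lookup — presumably NULL — and that is handed on to the rest of legacy_ctrl_str_to_param, which starts and ends outside this hunk. The replaced ossl_ffc_named_group_from_uid() call had the same gap, so this is pre-existing, but the rewrite is the natural place to close it: split the lookup and fail early, e.g. `const DH_NAMED_GROUP *group = ossl_ffc_uid_to_dh_named_group(num);` / `if (group == NULL) return 0;` / `value = ossl_ffc_named_group_get_name(group);`, raising an EVP error reason before the return in the file's usual ERR_raise() style. Since `value` is a control string that typically arrives from configuration or a command line, rejecting an unknown group id explicitly is preferable to letting a NULL propagate; strtol() with an end-pointer check would additionally distinguish "0" from unparsable input.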