diff options
author | Richard Levitte <levitte@openssl.org> | 2020-11-26 11:58:56 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-11-27 15:30:51 +0100 |
commit | 888bdbfd398c967daaa00cf6b3d104f0e3d26865 (patch) | |
tree | dd06561974c9daca851a53db77209f34a9c14147 /crypto/evp | |
parent | a614af95531dd9f168aa4b71bd1195b4fdfe1794 (diff) |
EVP_PKEY & DSA: Make DSA EVP_PKEY_CTX parameter ctrls / setters more available
EVP_PKEY_CTX_set_dsa_ functions were only available when DSA was
enabled ('no-dsa' not configured). However, that makes it impossible
to use these functions with an engine or a provider that happens to
implement DSA. This change solves that problem by shuffling these
functions to more appropriate places.
Fixes #13529
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13530)
Diffstat (limited to 'crypto/evp')
-rw-r--r-- | crypto/evp/build.info | 4 | ||||
-rw-r--r-- | crypto/evp/dsa_ctrl.c | 157 |
2 files changed, 161 insertions, 0 deletions
diff --git a/crypto/evp/build.info b/crypto/evp/build.info index 358709a6a4..204c199bac 100644 --- a/crypto/evp/build.info +++ b/crypto/evp/build.info @@ -4,6 +4,10 @@ $COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c cmeth_lib.c evp_utils.c \ m_sigver.c pmeth_lib.c signature.c p_lib.c pmeth_gn.c exchange.c \ pmeth_check.c evp_rand.c asymcipher.c kem.c +# Diverse type specific ctrl functions. They are kinda sorta legacy, kinda +# sorta not. +$COMMON=$COMMON dsa_ctrl.c + SOURCE[../../libcrypto]=$COMMON\ encode.c evp_key.c evp_cnf.c \ e_des.c e_bf.c e_idea.c e_des3.c \ diff --git a/crypto/evp/dsa_ctrl.c b/crypto/evp/dsa_ctrl.c new file mode 100644 index 0000000000..cb7e543e02 --- /dev/null +++ b/crypto/evp/dsa_ctrl.c @@ -0,0 +1,157 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <stdlib.h> +#include <openssl/core_names.h> +#include <openssl/err.h> +#include <openssl/dsa.h> +#include <openssl/evp.h> +#include "crypto/evp.h" + +static int dsa_paramgen_check(EVP_PKEY_CTX *ctx) +{ + if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } + /* If key type not DSA return error */ + if (ctx->pmeth != NULL && ctx->pmeth->pkey_id != EVP_PKEY_DSA) + return -1; + return 1; +} + +int EVP_PKEY_CTX_set_dsa_paramgen_type(EVP_PKEY_CTX *ctx, const char *name) +{ + int ret; + OSSL_PARAM params[2], *p = params; + + if ((ret = dsa_paramgen_check(ctx)) <= 0) + return ret; + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, + (char *)name, 0); + *p++ = OSSL_PARAM_construct_end(); + + return EVP_PKEY_CTX_set_params(ctx, params); +} + +int EVP_PKEY_CTX_set_dsa_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex) +{ + int ret; + OSSL_PARAM params[2], *p = params; + + if ((ret = dsa_paramgen_check(ctx)) <= 0) + return ret; + + *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GINDEX, &gindex); + *p++ = OSSL_PARAM_construct_end(); + + return EVP_PKEY_CTX_set_params(ctx, params); +} + +int EVP_PKEY_CTX_set_dsa_paramgen_seed(EVP_PKEY_CTX *ctx, + const unsigned char *seed, + size_t seedlen) +{ + int ret; + OSSL_PARAM params[2], *p = params; + + if ((ret = dsa_paramgen_check(ctx)) <= 0) + return ret; + + *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_FFC_SEED, + (void *)seed, seedlen); + *p++ = OSSL_PARAM_construct_end(); + + return EVP_PKEY_CTX_set_params(ctx, params); +} + +int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits) +{ + int ret; + OSSL_PARAM params[2], *p = params; + size_t bits = nbits; + + if ((ret = dsa_paramgen_check(ctx)) <= 0) + return ret; + +#if !defined(FIPS_MODULE) + /* TODO(3.0): Remove this eventually when no more legacy */ + if (ctx->op.keymgmt.genctx == NULL) + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, + EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL); +#endif + + *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_PBITS, &bits); + *p++ = OSSL_PARAM_construct_end(); + + return EVP_PKEY_CTX_set_params(ctx, params); +} + +int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits) +{ + int ret; + OSSL_PARAM params[2], *p = params; + size_t bits2 = qbits; + + if ((ret = dsa_paramgen_check(ctx)) <= 0) + return ret; + +#if !defined(FIPS_MODULE) + /* TODO(3.0): Remove this eventually when no more legacy */ + if (ctx->op.keymgmt.genctx == NULL) + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, + EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL); +#endif + + *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_QBITS, &bits2); + *p++ = OSSL_PARAM_construct_end(); + + return EVP_PKEY_CTX_set_params(ctx, params); +} + +int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx, + const char *md_name, + const char *md_properties) +{ + int ret; + OSSL_PARAM params[3], *p = params; + + if ((ret = dsa_paramgen_check(ctx)) <= 0) + return ret; + +#if !defined(FIPS_MODULE) + /* TODO(3.0): Remove this eventually when no more legacy */ + if (ctx->op.keymgmt.genctx == NULL) { + const EVP_MD *md = EVP_get_digestbyname(md_name); + + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, + EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md)); + } +#endif + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST, + (char *)md_name, 0); + if (md_properties != NULL) + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, + (char *)md_properties, 0); + *p++ = OSSL_PARAM_construct_end(); + + return EVP_PKEY_CTX_set_params(ctx, params); +} + +#if !defined(FIPS_MODULE) +int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) +{ + const char *md_name = (md == NULL) ? "" : EVP_MD_name(md); + + return EVP_PKEY_CTX_set_dsa_paramgen_md_props(ctx, md_name, NULL); +} +#endif |