diff options
author | Pauli <paul.dale@oracle.com> | 2020-09-30 15:07:24 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-10-06 09:04:19 +1000 |
commit | 5357c10624bedaeed984ef4ff370096911ee2ddf (patch) | |
tree | 9b8481eaf37bc1fdef4a90d1300f027e3edcb3a7 /crypto/ffc | |
parent | 69340cafb4a894c469a392ce517b2e092758f1c4 (diff) |
ffc: add _ossl to exported but internal functions
The functions updated are:
ffc_generate_private_key, ffc_named_group_from_uid,
ffc_named_group_to_uid, ffc_params_FIPS186_2_gen_verify,
ffc_params_FIPS186_2_generate, ffc_params_FIPS186_2_validate,
ffc_params_FIPS186_4_gen_verify, ffc_params_FIPS186_4_generate,
ffc_params_FIPS186_4_validate, ffc_params_cleanup, ffc_params_cmp,
ffc_params_copy, ffc_params_enable_flags, ffc_params_flags_from_name,
ffc_params_flags_to_name, ffc_params_fromdata,
ffc_params_get0_pqg, ffc_params_get_validate_params,
ffc_params_init, ffc_params_print, ffc_params_set0_j,
ffc_params_set0_pqg, ffc_params_set_flags, ffc_params_set_gindex,
ffc_params_set_h, ffc_params_set_pcounter, ffc_params_set_seed,
ffc_params_set_validate_params, ffc_params_simple_validate,
ffc_params_todata, ffc_params_validate_unverifiable_g, ffc_set_digest,
ffc_set_group_pqg, ffc_validate_private_key, ffc_validate_public_key
and ffc_validate_public_key_partial.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13041)
Diffstat (limited to 'crypto/ffc')
-rw-r--r-- | crypto/ffc/ffc_backend.c | 14 | ||||
-rw-r--r-- | crypto/ffc/ffc_key_generate.c | 4 | ||||
-rw-r--r-- | crypto/ffc/ffc_key_validate.c | 13 | ||||
-rw-r--r-- | crypto/ffc/ffc_params.c | 63 | ||||
-rw-r--r-- | crypto/ffc/ffc_params_generate.c | 52 | ||||
-rw-r--r-- | crypto/ffc/ffc_params_validate.c | 38 |
6 files changed, 98 insertions, 86 deletions
diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c index 6e269ebf56..fddd41557e 100644 --- a/crypto/ffc/ffc_backend.c +++ b/crypto/ffc/ffc_backend.c @@ -17,7 +17,7 @@ * implementations alike. */ -int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]) +int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]) { const OSSL_PARAM *prm; const OSSL_PARAM *param_p, *param_q, *param_g; @@ -36,7 +36,7 @@ int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]) * In a no-dh build we just go straight to err because we have no * support for this. */ - if (!ffc_set_group_pqg(ffc, prm->data)) + if (!ossl_ffc_set_group_pqg(ffc, prm->data)) #endif goto err; } @@ -75,14 +75,14 @@ int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]) if (prm != NULL) { if (prm->data_type != OSSL_PARAM_OCTET_STRING) goto err; - if (!ffc_params_set_seed(ffc, prm->data, prm->data_size)) + if (!ossl_ffc_params_set_seed(ffc, prm->data, prm->data_size)) goto err; } prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE); if (prm != NULL) { if (prm->data_type != OSSL_PARAM_UTF8_STRING) goto err; - ffc_params_set_flags(ffc, ffc_params_flags_from_name(prm->data)); + ossl_ffc_params_set_flags(ffc, ossl_ffc_params_flags_from_name(prm->data)); } prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST); if (prm != NULL) { @@ -96,12 +96,12 @@ int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]) if (p1->data_type != OSSL_PARAM_UTF8_STRING) goto err; } - if (!ffc_set_digest(ffc, prm->data, props)) + if (!ossl_ffc_set_digest(ffc, prm->data, props)) goto err; } - ffc_params_set0_pqg(ffc, p, q, g); - ffc_params_set0_j(ffc, j); + ossl_ffc_params_set0_pqg(ffc, p, q, g); + ossl_ffc_params_set0_j(ffc, j); return 1; err: diff --git a/crypto/ffc/ffc_key_generate.c b/crypto/ffc/ffc_key_generate.c index aeabae010f..d8d2116ddc 100644 --- a/crypto/ffc/ffc_key_generate.c +++ b/crypto/ffc/ffc_key_generate.c @@ -19,8 +19,8 @@ * s is the security strength. * priv_key is the returned private key, */ -int ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params, - int N, int s, BIGNUM *priv) +int ossl_ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params, + int N, int s, BIGNUM *priv) { int ret = 0, qbits = BN_num_bits(params->q); BIGNUM *m, *two_powN = NULL; diff --git a/crypto/ffc/ffc_key_validate.c b/crypto/ffc/ffc_key_validate.c index a35f52e1b9..9f6525a2c8 100644 --- a/crypto/ffc/ffc_key_validate.c +++ b/crypto/ffc/ffc_key_validate.c @@ -16,8 +16,8 @@ * * ret contains 0 on success, or error flags (see FFC_ERROR_PUBKEY_TOO_SMALL) */ -int ffc_validate_public_key_partial(const FFC_PARAMS *params, - const BIGNUM *pub_key, int *ret) +int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params, + const BIGNUM *pub_key, int *ret) { int ok = 0; BIGNUM *tmp = NULL; @@ -58,14 +58,14 @@ int ffc_validate_public_key_partial(const FFC_PARAMS *params, /* * See SP800-56Ar3 Section 5.6.2.3.1 : FFC Full public key validation. */ -int ffc_validate_public_key(const FFC_PARAMS *params, const BIGNUM *pub_key, - int *ret) +int ossl_ffc_validate_public_key(const FFC_PARAMS *params, + const BIGNUM *pub_key, int *ret) { int ok = 0; BIGNUM *tmp = NULL; BN_CTX *ctx = NULL; - if (!ffc_validate_public_key_partial(params, pub_key, ret)) + if (!ossl_ffc_validate_public_key_partial(params, pub_key, ret)) return 0; if (params->q != NULL) { @@ -100,7 +100,8 @@ int ffc_validate_public_key(const FFC_PARAMS *params, const BIGNUM *pub_key, * is normally params->q but can be 2^N for approved safe prime groups. * Note: This assumes that the domain parameters are valid. */ -int ffc_validate_private_key(const BIGNUM *upper, const BIGNUM *priv, int *ret) +int ossl_ffc_validate_private_key(const BIGNUM *upper, const BIGNUM *priv, + int *ret) { int ok = 0; diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c index c980ea0018..edcb44b152 100644 --- a/crypto/ffc/ffc_params.c +++ b/crypto/ffc/ffc_params.c @@ -15,10 +15,10 @@ #include "e_os.h" /* strcasecmp */ #ifndef FIPS_MODULE -# include <openssl/asn1.h> /* ffc_params_print */ +# include <openssl/asn1.h> /* ossl_ffc_params_print */ #endif -void ffc_params_init(FFC_PARAMS *params) +void ossl_ffc_params_init(FFC_PARAMS *params) { memset(params, 0, sizeof(*params)); params->pcounter = -1; @@ -26,17 +26,17 @@ void ffc_params_init(FFC_PARAMS *params) params->flags = FFC_PARAM_FLAG_VALIDATE_ALL; } -void ffc_params_cleanup(FFC_PARAMS *params) +void ossl_ffc_params_cleanup(FFC_PARAMS *params) { BN_free(params->p); BN_free(params->q); BN_free(params->g); BN_free(params->j); OPENSSL_free(params->seed); - ffc_params_init(params); + ossl_ffc_params_init(params); } -void ffc_params_set0_pqg(FFC_PARAMS *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) +void ossl_ffc_params_set0_pqg(FFC_PARAMS *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) { if (p != NULL && p != d->p) { BN_free(d->p); @@ -52,8 +52,8 @@ void ffc_params_set0_pqg(FFC_PARAMS *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) } } -void ffc_params_get0_pqg(const FFC_PARAMS *d, const BIGNUM **p, - const BIGNUM **q, const BIGNUM **g) +void ossl_ffc_params_get0_pqg(const FFC_PARAMS *d, const BIGNUM **p, + const BIGNUM **q, const BIGNUM **g) { if (p != NULL) *p = d->p; @@ -65,7 +65,7 @@ void ffc_params_get0_pqg(const FFC_PARAMS *d, const BIGNUM **p, /* j is the 'cofactor' that is optionally output for ASN1. */ -void ffc_params_set0_j(FFC_PARAMS *d, BIGNUM *j) +void ossl_ffc_params_set0_j(FFC_PARAMS *d, BIGNUM *j) { BN_free(d->j); d->j = NULL; @@ -73,8 +73,8 @@ void ffc_params_set0_j(FFC_PARAMS *d, BIGNUM *j) d->j = j; } -int ffc_params_set_seed(FFC_PARAMS *params, - const unsigned char *seed, size_t seedlen) +int ossl_ffc_params_set_seed(FFC_PARAMS *params, + const unsigned char *seed, size_t seedlen) { if (params == NULL) return 0; @@ -97,27 +97,28 @@ int ffc_params_set_seed(FFC_PARAMS *params, return 1; } -void ffc_params_set_gindex(FFC_PARAMS *params, int index) +void ossl_ffc_params_set_gindex(FFC_PARAMS *params, int index) { params->gindex = index; } -void ffc_params_set_pcounter(FFC_PARAMS *params, int index) +void ossl_ffc_params_set_pcounter(FFC_PARAMS *params, int index) { params->pcounter = index; } -void ffc_params_set_h(FFC_PARAMS *params, int index) +void ossl_ffc_params_set_h(FFC_PARAMS *params, int index) { params->h = index; } -void ffc_params_set_flags(FFC_PARAMS *params, unsigned int flags) +void ossl_ffc_params_set_flags(FFC_PARAMS *params, unsigned int flags) { params->flags = flags; } -void ffc_params_enable_flags(FFC_PARAMS *params, unsigned int flags, int enable) +void ossl_ffc_params_enable_flags(FFC_PARAMS *params, unsigned int flags, + int enable) { if (enable) params->flags |= flags; @@ -125,26 +126,26 @@ void ffc_params_enable_flags(FFC_PARAMS *params, unsigned int flags, int enable) params->flags &= ~flags; } -int ffc_set_digest(FFC_PARAMS *params, const char *alg, const char *props) +int ossl_ffc_set_digest(FFC_PARAMS *params, const char *alg, const char *props) { params->mdname = alg; params->mdprops = props; return 1; } -int ffc_params_set_validate_params(FFC_PARAMS *params, - const unsigned char *seed, size_t seedlen, - int counter) +int ossl_ffc_params_set_validate_params(FFC_PARAMS *params, + const unsigned char *seed, + size_t seedlen, int counter) { - if (!ffc_params_set_seed(params, seed, seedlen)) + if (!ossl_ffc_params_set_seed(params, seed, seedlen)) return 0; params->pcounter = counter; return 1; } -void ffc_params_get_validate_params(const FFC_PARAMS *params, - unsigned char **seed, size_t *seedlen, - int *pcounter) +void ossl_ffc_params_get_validate_params(const FFC_PARAMS *params, + unsigned char **seed, size_t *seedlen, + int *pcounter) { if (seed != NULL) *seed = params->seed; @@ -174,7 +175,7 @@ static int ffc_bn_cpy(BIGNUM **dst, const BIGNUM *src) return 1; } -int ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src) +int ossl_ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src) { if (!ffc_bn_cpy(&dst->p, src->p) || !ffc_bn_cpy(&dst->g, src->g) @@ -198,7 +199,7 @@ int ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src) return 1; } -int ffc_params_cmp(const FFC_PARAMS *a, const FFC_PARAMS *b, int ignore_q) +int ossl_ffc_params_cmp(const FFC_PARAMS *a, const FFC_PARAMS *b, int ignore_q) { return BN_cmp(a->p, b->p) == 0 && BN_cmp(a->g, b->g) == 0 @@ -212,7 +213,7 @@ static const OSSL_ITEM flag_map[] = { { 0, "" } }; -int ffc_params_flags_from_name(const char *name) +int ossl_ffc_params_flags_from_name(const char *name) { size_t i; @@ -223,7 +224,7 @@ int ffc_params_flags_from_name(const char *name) return NID_undef; } -const char *ffc_params_flags_to_name(int flags) +const char *ossl_ffc_params_flags_to_name(int flags) { size_t i; @@ -235,7 +236,7 @@ const char *ffc_params_flags_to_name(int flags) return ""; } -int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld, +int ossl_ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) { if (ffc == NULL) @@ -269,7 +270,7 @@ int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld, return 0; if (ffc->nid != NID_undef) { #ifndef OPENSSL_NO_DH - const char *name = ffc_named_group_from_uid(ffc->nid); + const char *name = ossl_ffc_named_group_from_uid(ffc->nid); if (name == NULL || !ossl_param_build_set_utf8_string(bld, params, @@ -283,7 +284,7 @@ int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld, } if (!ossl_param_build_set_utf8_string(bld, params, OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE, - ffc_params_flags_to_name(ffc->flags))) + ossl_ffc_params_flags_to_name(ffc->flags))) return 0; if (ffc->mdname != NULL && !ossl_param_build_set_utf8_string(bld, params, @@ -299,7 +300,7 @@ int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld, } #ifndef FIPS_MODULE -int ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent) +int ossl_ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent) { if (!ASN1_bn_print(bp, "prime P:", ffc->p, NULL, indent)) goto err; diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c index a289270347..0f955f5644 100644 --- a/crypto/ffc/ffc_params_generate.c +++ b/crypto/ffc/ffc_params_generate.c @@ -510,9 +510,10 @@ static const char *default_mdname(size_t N) * - FFC_PARAM_RET_STATUS_UNVERIFIABLE_G if the validation of G succeeded, * but G is unverifiable. */ -int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, - int mode, int type, size_t L, size_t N, - int *res, BN_GENCB *cb) +int ossl_ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, + FFC_PARAMS *params, int mode, int type, + size_t L, size_t N, int *res, + BN_GENCB *cb) { int ok = FFC_PARAM_RET_STATUS_FAILED; unsigned char *seed = NULL, *seed_tmp = NULL; @@ -728,8 +729,8 @@ g_only: goto err; if (((flags & FFC_PARAM_FLAG_VALIDATE_G) != 0) - && !ffc_params_validate_unverifiable_g(ctx, mont, p, q, params->g, - tmp, res)) + && !ossl_ffc_params_validate_unverifiable_g(ctx, mont, p, q, params->g, + tmp, res)) goto err; /* @@ -777,7 +778,8 @@ g_only: } if (params->p == NULL || params->q == NULL || params->g == NULL) goto err; - if (!ffc_params_set_validate_params(params, seed, seedlen, pcounter)) + if (!ossl_ffc_params_set_validate_params(params, seed, seedlen, + pcounter)) goto err; params->h = hret; } @@ -801,9 +803,10 @@ err: } /* Note this function is only used for verification in fips mode */ -int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, - int mode, int type, size_t L, size_t N, - int *res, BN_GENCB *cb) +int ossl_ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, + FFC_PARAMS *params, int mode, int type, + size_t L, size_t N, int *res, + BN_GENCB *cb) { int ok = FFC_PARAM_RET_STATUS_FAILED; unsigned char seed[SHA256_DIGEST_LENGTH]; @@ -988,8 +991,9 @@ g_only: if (!generate_unverifiable_g(ctx, mont, g, tmp, p, r0, test, &hret)) goto err; } else if (((flags & FFC_PARAM_FLAG_VALIDATE_G) != 0) - && !ffc_params_validate_unverifiable_g(ctx, mont, p, q, - params->g, tmp, res)) { + && !ossl_ffc_params_validate_unverifiable_g(ctx, mont, p, q, + params->g, tmp, + res)) { goto err; } @@ -1011,7 +1015,7 @@ g_only: } if (params->p == NULL || params->q == NULL || params->g == NULL) goto err; - if (!ffc_params_set_validate_params(params, seed, qsize, pcounter)) + if (!ossl_ffc_params_set_validate_params(params, seed, qsize, pcounter)) goto err; params->h = hret; } @@ -1029,21 +1033,21 @@ err: return ok; } -int ffc_params_FIPS186_4_generate(OPENSSL_CTX *libctx, FFC_PARAMS *params, - int type, size_t L, size_t N, - int *res, BN_GENCB *cb) +int ossl_ffc_params_FIPS186_4_generate(OPENSSL_CTX *libctx, FFC_PARAMS *params, + int type, size_t L, size_t N, + int *res, BN_GENCB *cb) { - return ffc_params_FIPS186_4_gen_verify(libctx, params, - FFC_PARAM_MODE_GENERATE, - type, L, N, res, cb); + return ossl_ffc_params_FIPS186_4_gen_verify(libctx, params, + FFC_PARAM_MODE_GENERATE, + type, L, N, res, cb); } /* This should no longer be used in FIPS mode */ -int ffc_params_FIPS186_2_generate(OPENSSL_CTX *libctx, FFC_PARAMS *params, - int type, size_t L, size_t N, - int *res, BN_GENCB *cb) +int ossl_ffc_params_FIPS186_2_generate(OPENSSL_CTX *libctx, FFC_PARAMS *params, + int type, size_t L, size_t N, + int *res, BN_GENCB *cb) { - return ffc_params_FIPS186_2_gen_verify(libctx, params, - FFC_PARAM_MODE_GENERATE, - type, L, N, res, cb); + return ossl_ffc_params_FIPS186_2_gen_verify(libctx, params, + FFC_PARAM_MODE_GENERATE, + type, L, N, res, cb); } diff --git a/crypto/ffc/ffc_params_validate.c b/crypto/ffc/ffc_params_validate.c index 9221b13d17..bdc59968b2 100644 --- a/crypto/ffc/ffc_params_validate.c +++ b/crypto/ffc/ffc_params_validate.c @@ -16,9 +16,10 @@ #include "internal/ffc.h" /* FIPS186-4 A.2.2 Unverifiable partial validation of Generator g */ -int ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont, - const BIGNUM *p, const BIGNUM *q, - const BIGNUM *g, BIGNUM *tmp, int *ret) +int ossl_ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont, + const BIGNUM *p, const BIGNUM *q, + const BIGNUM *g, BIGNUM *tmp, + int *ret) { /* * A.2.2 Step (1) AND @@ -44,8 +45,9 @@ int ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont, return 1; } -int ffc_params_FIPS186_4_validate(OPENSSL_CTX *libctx, const FFC_PARAMS *params, - int type, int *res, BN_GENCB *cb) +int ossl_ffc_params_FIPS186_4_validate(OPENSSL_CTX *libctx, + const FFC_PARAMS *params, int type, + int *res, BN_GENCB *cb) { size_t L, N; @@ -55,14 +57,15 @@ int ffc_params_FIPS186_4_validate(OPENSSL_CTX *libctx, const FFC_PARAMS *params, /* A.1.1.3 Step (1..2) : L = len(p), N = len(q) */ L = BN_num_bits(params->p); N = BN_num_bits(params->q); - return ffc_params_FIPS186_4_gen_verify(libctx, (FFC_PARAMS *)params, - FFC_PARAM_MODE_VERIFY, type, - L, N, res, cb); + return ossl_ffc_params_FIPS186_4_gen_verify(libctx, (FFC_PARAMS *)params, + FFC_PARAM_MODE_VERIFY, type, + L, N, res, cb); } /* This may be used in FIPS mode to validate deprecated FIPS-186-2 Params */ -int ffc_params_FIPS186_2_validate(OPENSSL_CTX *libctx, const FFC_PARAMS *params, - int type, int *res, BN_GENCB *cb) +int ossl_ffc_params_FIPS186_2_validate(OPENSSL_CTX *libctx, + const FFC_PARAMS *params, int type, + int *res, BN_GENCB *cb) { size_t L, N; @@ -74,9 +77,9 @@ int ffc_params_FIPS186_2_validate(OPENSSL_CTX *libctx, const FFC_PARAMS *params, /* A.1.1.3 Step (1..2) : L = len(p), N = len(q) */ L = BN_num_bits(params->p); N = BN_num_bits(params->q); - return ffc_params_FIPS186_2_gen_verify(libctx, (FFC_PARAMS *)params, - FFC_PARAM_MODE_VERIFY, type, - L, N, res, cb); + return ossl_ffc_params_FIPS186_2_gen_verify(libctx, (FFC_PARAMS *)params, + FFC_PARAM_MODE_VERIFY, type, + L, N, res, cb); } /* @@ -85,7 +88,8 @@ int ffc_params_FIPS186_2_validate(OPENSSL_CTX *libctx, const FFC_PARAMS *params, * extra parameters such as the digest and seed, which may not be available for * this test. */ -int ffc_params_simple_validate(OPENSSL_CTX *libctx, FFC_PARAMS *params, int type) +int ossl_ffc_params_simple_validate(OPENSSL_CTX *libctx, FFC_PARAMS *params, + int type) { int ret, res = 0; int save_gindex; @@ -101,10 +105,12 @@ int ffc_params_simple_validate(OPENSSL_CTX *libctx, FFC_PARAMS *params, int type #ifndef FIPS_MODULE if (save_flags & FFC_PARAM_FLAG_VALIDATE_LEGACY) - ret = ffc_params_FIPS186_2_validate(libctx, params, type, &res, NULL); + ret = ossl_ffc_params_FIPS186_2_validate(libctx, params, type, &res, + NULL); else #endif - ret = ffc_params_FIPS186_4_validate(libctx, params, type, &res, NULL); + ret = ossl_ffc_params_FIPS186_4_validate(libctx, params, type, &res, + NULL); params->flags = save_flags; params->gindex = save_gindex; return ret != FFC_PARAM_RET_STATUS_FAILED; |