diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2021-05-10 10:27:42 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2021-05-13 09:49:18 +1000 |
commit | b98f752ec330cdc81d1f27a9506e6dcc8c00af5a (patch) | |
tree | 5cb469c545da743d0751cddf4bfce15e41e483bd /crypto/ffc | |
parent | 466cab4758289f91215eada905cf334d334830fa (diff) |
Export/import flags for FFC params changed to seperate fields.
An extra field got added to the ffc flags related to FIPS-186-2 key validation, but this field was
not handled by the export/import since the flags were done as string combinations.
To keep this consistent with other object flags they are now passed as seperate OSSL_PARAM fields.
Fixes 'no-cached-fetch' build which uses export/import.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15210)
Diffstat (limited to 'crypto/ffc')
-rw-r--r-- | crypto/ffc/ffc_backend.c | 19 | ||||
-rw-r--r-- | crypto/ffc/ffc_params.c | 50 | ||||
-rw-r--r-- | crypto/ffc/ffc_params_generate.c | 6 |
3 files changed, 35 insertions, 40 deletions
diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c index 43825d9216..27ce15715a 100644 --- a/crypto/ffc/ffc_backend.c +++ b/crypto/ffc/ffc_backend.c @@ -80,12 +80,25 @@ int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]) if (!ossl_ffc_params_set_seed(ffc, prm->data, prm->data_size)) goto err; } - prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE); + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_PQ); if (prm != NULL) { - if (prm->data_type != OSSL_PARAM_UTF8_STRING) + if (!OSSL_PARAM_get_int(prm, &i)) + goto err; + ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_PQ, i); + } + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_G); + if (prm != NULL) { + if (!OSSL_PARAM_get_int(prm, &i)) goto err; - ossl_ffc_params_set_flags(ffc, ossl_ffc_params_flags_from_name(prm->data)); + ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_G, i); } + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY); + if (prm != NULL) { + if (!OSSL_PARAM_get_int(prm, &i)) + goto err; + ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_LEGACY, i); + } + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST); if (prm != NULL) { const OSSL_PARAM *p1; diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c index 9f52aa35ad..6e025a06be 100644 --- a/crypto/ffc/ffc_params.c +++ b/crypto/ffc/ffc_params.c @@ -23,7 +23,7 @@ void ossl_ffc_params_init(FFC_PARAMS *params) memset(params, 0, sizeof(*params)); params->pcounter = -1; params->gindex = FFC_UNVERIFIABLE_GINDEX; - params->flags = FFC_PARAM_FLAG_VALIDATE_ALL; + params->flags = FFC_PARAM_FLAG_VALIDATE_PQG; } void ossl_ffc_params_cleanup(FFC_PARAMS *params) @@ -207,39 +207,11 @@ int ossl_ffc_params_cmp(const FFC_PARAMS *a, const FFC_PARAMS *b, int ignore_q) && (ignore_q || BN_cmp(a->q, b->q) == 0); /* Note: q may be NULL */ } -static const OSSL_ITEM flag_map[] = { - { FFC_PARAM_FLAG_VALIDATE_PQ, OSSL_FFC_PARAM_VALIDATE_PQ }, - { FFC_PARAM_FLAG_VALIDATE_G, OSSL_FFC_PARAM_VALIDATE_G }, - { FFC_PARAM_FLAG_VALIDATE_ALL, OSSL_FFC_PARAM_VALIDATE_PQG }, - { 0, "" } -}; - -int ossl_ffc_params_flags_from_name(const char *name) -{ - size_t i; - - for (i = 0; i < OSSL_NELEM(flag_map); ++i) { - if (strcasecmp(flag_map[i].ptr, name) == 0) - return flag_map[i].id; - } - return NID_undef; -} - -const char *ossl_ffc_params_flags_to_name(int flags) -{ - size_t i; - - flags &= FFC_PARAM_FLAG_VALIDATE_ALL; - for (i = 0; i < OSSL_NELEM(flag_map); ++i) { - if ((int)flag_map[i].id == flags) - return flag_map[i].ptr; - } - return ""; -} - int ossl_ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) { + int test_flags; + if (ffc == NULL) return 0; @@ -279,10 +251,20 @@ int ossl_ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld, name)) return 0; } - if (!ossl_param_build_set_utf8_string(bld, params, - OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE, - ossl_ffc_params_flags_to_name(ffc->flags))) + test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_PQ) != 0); + if (!ossl_param_build_set_int(bld, params, + OSSL_PKEY_PARAM_FFC_VALIDATE_PQ, test_flags)) return 0; + test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_G) != 0); + if (!ossl_param_build_set_int(bld, params, + OSSL_PKEY_PARAM_FFC_VALIDATE_G, test_flags)) + return 0; + test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_LEGACY) != 0); + if (!ossl_param_build_set_int(bld, params, + OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY, + test_flags)) + return 0; + if (ffc->mdname != NULL && !ossl_param_build_set_utf8_string(bld, params, OSSL_PKEY_PARAM_FFC_DIGEST, diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c index ee13a07d10..26ab9120c6 100644 --- a/crypto/ffc/ffc_params_generate.c +++ b/crypto/ffc/ffc_params_generate.c @@ -479,7 +479,7 @@ static const char *default_mdname(size_t N) * For validation one of: * -FFC_PARAM_FLAG_VALIDATE_PQ * -FFC_PARAM_FLAG_VALIDATE_G - * -FFC_PARAM_FLAG_VALIDATE_ALL + * -FFC_PARAM_FLAG_VALIDATE_PQG * For generation of p & q: * - This is skipped if p & q are passed in. * - If the seed is passed in then generation of p & q uses this seed (and if @@ -720,7 +720,7 @@ int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx, goto err; /* If validating p & q only then skip the g validation test */ - if ((flags & FFC_PARAM_FLAG_VALIDATE_ALL) == FFC_PARAM_FLAG_VALIDATE_PQ) + if ((flags & FFC_PARAM_FLAG_VALIDATE_PQG) == FFC_PARAM_FLAG_VALIDATE_PQ) goto pass; g_only: if ((mont = BN_MONT_CTX_new()) == NULL) @@ -972,7 +972,7 @@ int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx, } } /* If validating p & q only then skip the g validation test */ - if ((flags & FFC_PARAM_FLAG_VALIDATE_ALL) == FFC_PARAM_FLAG_VALIDATE_PQ) + if ((flags & FFC_PARAM_FLAG_VALIDATE_PQG) == FFC_PARAM_FLAG_VALIDATE_PQ) goto pass; g_only: if ((mont = BN_MONT_CTX_new()) == NULL) |