summaryrefslogtreecommitdiffstats
path: root/crypto/ffc
diff options
context:
space:
mode:
authorShane Lontis <shane.lontis@oracle.com>2021-05-10 10:27:42 +1000
committerShane Lontis <shane.lontis@oracle.com>2021-05-13 09:49:18 +1000
commitb98f752ec330cdc81d1f27a9506e6dcc8c00af5a (patch)
tree5cb469c545da743d0751cddf4bfce15e41e483bd /crypto/ffc
parent466cab4758289f91215eada905cf334d334830fa (diff)
Export/import flags for FFC params changed to seperate fields.
An extra field got added to the ffc flags related to FIPS-186-2 key validation, but this field was not handled by the export/import since the flags were done as string combinations. To keep this consistent with other object flags they are now passed as seperate OSSL_PARAM fields. Fixes 'no-cached-fetch' build which uses export/import. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15210)
Diffstat (limited to 'crypto/ffc')
-rw-r--r--crypto/ffc/ffc_backend.c19
-rw-r--r--crypto/ffc/ffc_params.c50
-rw-r--r--crypto/ffc/ffc_params_generate.c6
3 files changed, 35 insertions, 40 deletions
diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c
index 43825d9216..27ce15715a 100644
--- a/crypto/ffc/ffc_backend.c
+++ b/crypto/ffc/ffc_backend.c
@@ -80,12 +80,25 @@ int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[])
if (!ossl_ffc_params_set_seed(ffc, prm->data, prm->data_size))
goto err;
}
- prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE);
+ prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_PQ);
if (prm != NULL) {
- if (prm->data_type != OSSL_PARAM_UTF8_STRING)
+ if (!OSSL_PARAM_get_int(prm, &i))
+ goto err;
+ ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_PQ, i);
+ }
+ prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_G);
+ if (prm != NULL) {
+ if (!OSSL_PARAM_get_int(prm, &i))
goto err;
- ossl_ffc_params_set_flags(ffc, ossl_ffc_params_flags_from_name(prm->data));
+ ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_G, i);
}
+ prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY);
+ if (prm != NULL) {
+ if (!OSSL_PARAM_get_int(prm, &i))
+ goto err;
+ ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_LEGACY, i);
+ }
+
prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST);
if (prm != NULL) {
const OSSL_PARAM *p1;
diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c
index 9f52aa35ad..6e025a06be 100644
--- a/crypto/ffc/ffc_params.c
+++ b/crypto/ffc/ffc_params.c
@@ -23,7 +23,7 @@ void ossl_ffc_params_init(FFC_PARAMS *params)
memset(params, 0, sizeof(*params));
params->pcounter = -1;
params->gindex = FFC_UNVERIFIABLE_GINDEX;
- params->flags = FFC_PARAM_FLAG_VALIDATE_ALL;
+ params->flags = FFC_PARAM_FLAG_VALIDATE_PQG;
}
void ossl_ffc_params_cleanup(FFC_PARAMS *params)
@@ -207,39 +207,11 @@ int ossl_ffc_params_cmp(const FFC_PARAMS *a, const FFC_PARAMS *b, int ignore_q)
&& (ignore_q || BN_cmp(a->q, b->q) == 0); /* Note: q may be NULL */
}
-static const OSSL_ITEM flag_map[] = {
- { FFC_PARAM_FLAG_VALIDATE_PQ, OSSL_FFC_PARAM_VALIDATE_PQ },
- { FFC_PARAM_FLAG_VALIDATE_G, OSSL_FFC_PARAM_VALIDATE_G },
- { FFC_PARAM_FLAG_VALIDATE_ALL, OSSL_FFC_PARAM_VALIDATE_PQG },
- { 0, "" }
-};
-
-int ossl_ffc_params_flags_from_name(const char *name)
-{
- size_t i;
-
- for (i = 0; i < OSSL_NELEM(flag_map); ++i) {
- if (strcasecmp(flag_map[i].ptr, name) == 0)
- return flag_map[i].id;
- }
- return NID_undef;
-}
-
-const char *ossl_ffc_params_flags_to_name(int flags)
-{
- size_t i;
-
- flags &= FFC_PARAM_FLAG_VALIDATE_ALL;
- for (i = 0; i < OSSL_NELEM(flag_map); ++i) {
- if ((int)flag_map[i].id == flags)
- return flag_map[i].ptr;
- }
- return "";
-}
-
int ossl_ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld,
OSSL_PARAM params[])
{
+ int test_flags;
+
if (ffc == NULL)
return 0;
@@ -279,10 +251,20 @@ int ossl_ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld,
name))
return 0;
}
- if (!ossl_param_build_set_utf8_string(bld, params,
- OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE,
- ossl_ffc_params_flags_to_name(ffc->flags)))
+ test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_PQ) != 0);
+ if (!ossl_param_build_set_int(bld, params,
+ OSSL_PKEY_PARAM_FFC_VALIDATE_PQ, test_flags))
return 0;
+ test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_G) != 0);
+ if (!ossl_param_build_set_int(bld, params,
+ OSSL_PKEY_PARAM_FFC_VALIDATE_G, test_flags))
+ return 0;
+ test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_LEGACY) != 0);
+ if (!ossl_param_build_set_int(bld, params,
+ OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY,
+ test_flags))
+ return 0;
+
if (ffc->mdname != NULL
&& !ossl_param_build_set_utf8_string(bld, params,
OSSL_PKEY_PARAM_FFC_DIGEST,
diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c
index ee13a07d10..26ab9120c6 100644
--- a/crypto/ffc/ffc_params_generate.c
+++ b/crypto/ffc/ffc_params_generate.c
@@ -479,7 +479,7 @@ static const char *default_mdname(size_t N)
* For validation one of:
* -FFC_PARAM_FLAG_VALIDATE_PQ
* -FFC_PARAM_FLAG_VALIDATE_G
- * -FFC_PARAM_FLAG_VALIDATE_ALL
+ * -FFC_PARAM_FLAG_VALIDATE_PQG
* For generation of p & q:
* - This is skipped if p & q are passed in.
* - If the seed is passed in then generation of p & q uses this seed (and if
@@ -720,7 +720,7 @@ int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx,
goto err;
/* If validating p & q only then skip the g validation test */
- if ((flags & FFC_PARAM_FLAG_VALIDATE_ALL) == FFC_PARAM_FLAG_VALIDATE_PQ)
+ if ((flags & FFC_PARAM_FLAG_VALIDATE_PQG) == FFC_PARAM_FLAG_VALIDATE_PQ)
goto pass;
g_only:
if ((mont = BN_MONT_CTX_new()) == NULL)
@@ -972,7 +972,7 @@ int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx,
}
}
/* If validating p & q only then skip the g validation test */
- if ((flags & FFC_PARAM_FLAG_VALIDATE_ALL) == FFC_PARAM_FLAG_VALIDATE_PQ)
+ if ((flags & FFC_PARAM_FLAG_VALIDATE_PQG) == FFC_PARAM_FLAG_VALIDATE_PQ)
goto pass;
g_only:
if ((mont = BN_MONT_CTX_new()) == NULL)
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-01 08:09:29 +0000