diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2021-03-09 10:14:45 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2021-03-18 17:52:37 +1000 |
| commit | 4158b0dc1d73ce73b9a924b77205f4d2b67abdc1 (patch) | |
| tree | f915fd1dcc71d716f0b93353dbb19af4dff052bc /crypto/rsa | |
| parent | 2858156e0309031da8476e51fe76f0ce8c15010f (diff) | |
Add ossl_rsa symbols
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473)
Diffstat (limited to 'crypto/rsa')
| -rw-r--r-- | crypto/rsa/rsa_acvp_test_params.c | 18 | ||||
| -rw-r--r-- | crypto/rsa/rsa_ameth.c | 23 | ||||
| -rw-r--r-- | crypto/rsa/rsa_asn1.c | 2 | ||||
| -rw-r--r-- | crypto/rsa/rsa_backend.c | 2 | ||||
| -rw-r--r-- | crypto/rsa/rsa_chk.c | 2 | ||||
| -rw-r--r-- | crypto/rsa/rsa_gen.c | 7 | ||||
| -rw-r--r-- | crypto/rsa/rsa_lib.c | 24 | ||||
| -rw-r--r-- | crypto/rsa/rsa_local.h | 18 | ||||
| -rw-r--r-- | crypto/rsa/rsa_mp.c | 12 | ||||
| -rw-r--r-- | crypto/rsa/rsa_pmeth.c | 13 | ||||
| -rw-r--r-- | crypto/rsa/rsa_sign.c | 8 |
11 files changed, 66 insertions, 63 deletions
diff --git a/crypto/rsa/rsa_acvp_test_params.c b/crypto/rsa/rsa_acvp_test_params.c index c1d07cb334..908f605934 100644 --- a/crypto/rsa/rsa_acvp_test_params.c +++ b/crypto/rsa/rsa_acvp_test_params.c @@ -13,7 +13,7 @@ #include "crypto/rsa.h" #include "rsa_local.h" -int rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[]) +int ossl_rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[]) { const OSSL_PARAM *p, *s; OSSL_PARAM *d, *alloc = NULL; @@ -53,16 +53,16 @@ int rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[]) } } if (ret == 0) { - rsa_acvp_test_gen_params_free(alloc); + ossl_rsa_acvp_test_gen_params_free(alloc); alloc = NULL; } if (*dst != NULL) - rsa_acvp_test_gen_params_free(*dst); + ossl_rsa_acvp_test_gen_params_free(*dst); *dst = alloc; return ret; } -void rsa_acvp_test_gen_params_free(OSSL_PARAM *dst) +void ossl_rsa_acvp_test_gen_params_free(OSSL_PARAM *dst) { OSSL_PARAM *p; @@ -76,13 +76,13 @@ void rsa_acvp_test_gen_params_free(OSSL_PARAM *dst) OPENSSL_free(dst); } -int rsa_acvp_test_set_params(RSA *r, const OSSL_PARAM params[]) +int ossl_rsa_acvp_test_set_params(RSA *r, const OSSL_PARAM params[]) { RSA_ACVP_TEST *t; const OSSL_PARAM *p; if (r->acvp_test != NULL) { - rsa_acvp_test_free(r->acvp_test); + ossl_rsa_acvp_test_free(r->acvp_test); r->acvp_test = NULL; } @@ -118,11 +118,11 @@ int rsa_acvp_test_set_params(RSA *r, const OSSL_PARAM params[]) r->acvp_test = t; return 1; err: - rsa_acvp_test_free(t); + ossl_rsa_acvp_test_free(t); return 0; } -int rsa_acvp_test_get_params(RSA *r, OSSL_PARAM params[]) +int ossl_rsa_acvp_test_get_params(RSA *r, OSSL_PARAM params[]) { RSA_ACVP_TEST *t; OSSL_PARAM *p; @@ -148,7 +148,7 @@ int rsa_acvp_test_get_params(RSA *r, OSSL_PARAM params[]) return 1; } -void rsa_acvp_test_free(RSA_ACVP_TEST *t) +void ossl_rsa_acvp_test_free(RSA_ACVP_TEST *t) { if (t != NULL) { BN_free(t->Xp1); diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 6be5a908af..9e9366757d 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -493,8 +493,8 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) switch (op) { case ASN1_PKEY_CTRL_DEFAULT_MD_NID: if (pkey->pkey.rsa->pss != NULL) { - if (!rsa_pss_get_param(pkey->pkey.rsa->pss, &md, &mgf1md, - &min_saltlen)) { + if (!ossl_rsa_pss_get_param(pkey->pkey.rsa->pss, &md, &mgf1md, + &min_saltlen)) { ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); return 0; } @@ -537,11 +537,11 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) return NULL; } - return rsa_pss_params_create(sigmd, mgf1md, saltlen); + return ossl_rsa_pss_params_create(sigmd, mgf1md, saltlen); } -RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd, - const EVP_MD *mgf1md, int saltlen) +RSA_PSS_PARAMS *ossl_rsa_pss_params_create(const EVP_MD *sigmd, + const EVP_MD *mgf1md, int saltlen) { RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new(); @@ -603,7 +603,7 @@ int ossl_rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, /* Decode PSS parameters */ pss = rsa_pss_decode(sigalg); - if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen)) { + if (!ossl_rsa_pss_get_param(pss, &md, &mgf1md, &saltlen)) { ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PSS_PARAMETERS); goto err; } @@ -686,8 +686,8 @@ static int rsa_pss_get_param_unverified(const RSA_PSS_PARAMS *pss, return 1; } -int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd, - const EVP_MD **pmgf1md, int *psaltlen) +int ossl_rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd, + const EVP_MD **pmgf1md, int *psaltlen) { /* * Callers do not care about the trailer field, and yet, we must @@ -717,7 +717,7 @@ static int rsa_sync_to_pss_params_30(RSA *rsa) * to even read a key with invalid values, making it hard to test * a bad situation. * - * Other routines use rsa_pss_get_param(), so the values will be + * Other routines use ossl_rsa_pss_get_param(), so the values will be * checked, eventually. */ if (!rsa_pss_get_param_unverified(rsa->pss, &md, &mgf1md, @@ -807,7 +807,7 @@ static int rsa_sig_info_set(X509_SIG_INFO *siginf, const X509_ALGOR *sigalg, return 0; /* Decode PSS parameters */ pss = rsa_pss_decode(sigalg); - if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen)) + if (!ossl_rsa_pss_get_param(pss, &md, &mgf1md, &saltlen)) goto err; mdnid = EVP_MD_type(md); /* @@ -965,7 +965,8 @@ static int rsa_int_import_from(const OSSL_PARAM params[], void *vpctx, const EVP_MD *md = EVP_get_digestbynid(mdnid); const EVP_MD *mgf1md = EVP_get_digestbynid(mgf1mdnid); - if ((rsa->pss = rsa_pss_params_create(md, mgf1md, saltlen)) == NULL) + if ((rsa->pss = ossl_rsa_pss_params_create(md, mgf1md, + saltlen)) == NULL) goto err; } break; diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c index d1e1470d37..c5799d8e4d 100644 --- a/crypto/rsa/rsa_asn1.c +++ b/crypto/rsa/rsa_asn1.c @@ -42,7 +42,7 @@ static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, /* not a multi-prime key, skip */ return 1; } - return (rsa_multip_calc_product((RSA *)*pval) == 1) ? 2 : 0; + return (ossl_rsa_multip_calc_product((RSA *)*pval) == 1) ? 2 : 0; } return 1; } diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c index 30b16f25c6..8c16a56db5 100644 --- a/crypto/rsa/rsa_backend.c +++ b/crypto/rsa/rsa_backend.c @@ -161,7 +161,7 @@ int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) /* The acvp test results are not meant for export so check for bld == NULL */ if (bld == NULL) - rsa_acvp_test_get_params(rsa, params); + ossl_rsa_acvp_test_get_params(rsa, params); #endif ret = 1; err: diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c index 0c32e01426..0596d129c1 100644 --- a/crypto/rsa/rsa_chk.c +++ b/crypto/rsa/rsa_chk.c @@ -36,7 +36,7 @@ static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb) if (key->version == RSA_ASN1_VERSION_MULTI) { ex_primes = sk_RSA_PRIME_INFO_num(key->prime_infos); if (ex_primes <= 0 - || (ex_primes + 2) > rsa_multip_cap(BN_num_bits(key->n))) { + || (ex_primes + 2) > ossl_rsa_multip_cap(BN_num_bits(key->n))) { ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MULTI_PRIME_KEY); return 0; } diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index a2192df575..07a3a7800e 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -97,7 +97,7 @@ static int rsa_multiprime_keygen(RSA *rsa, int bits, int primes, return 0; } - if (primes < RSA_DEFAULT_PRIME_NUM || primes > rsa_multip_cap(bits)) { + if (primes < RSA_DEFAULT_PRIME_NUM || primes > ossl_rsa_multip_cap(bits)) { ok = 0; /* we set our own err */ ERR_raise(ERR_LIB_RSA, RSA_R_KEY_PRIME_NUM_INVALID); goto err; @@ -154,13 +154,14 @@ static int rsa_multiprime_keygen(RSA *rsa, int bits, int primes, goto err; if (rsa->prime_infos != NULL) { /* could this happen? */ - sk_RSA_PRIME_INFO_pop_free(rsa->prime_infos, rsa_multip_info_free); + sk_RSA_PRIME_INFO_pop_free(rsa->prime_infos, + ossl_rsa_multip_info_free); } rsa->prime_infos = prime_infos; /* prime_info from 2 to |primes| -1 */ for (i = 2; i < primes; i++) { - pinfo = rsa_multip_info_new(); + pinfo = ossl_rsa_multip_info_new(); if (pinfo == NULL) goto err; (void)sk_RSA_PRIME_INFO_push(prime_infos, pinfo); diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index dfc74ec951..89cd4da527 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -163,12 +163,12 @@ void RSA_free(RSA *r) BN_clear_free(r->iqmp); #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) - rsa_acvp_test_free(r->acvp_test); + ossl_rsa_acvp_test_free(r->acvp_test); #endif #ifndef FIPS_MODULE RSA_PSS_PARAMS_free(r->pss); - sk_RSA_PRIME_INFO_pop_free(r->prime_infos, rsa_multip_info_free); + sk_RSA_PRIME_INFO_pop_free(r->prime_infos, ossl_rsa_multip_info_free); #endif BN_BLINDING_free(r->blinding); BN_BLINDING_free(r->mt_blinding); @@ -357,7 +357,7 @@ int RSA_security_bits(const RSA *rsa) /* This ought to mean that we have private key at hand. */ int ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos); - if (ex_primes <= 0 || (ex_primes + 2) > rsa_multip_cap(bits)) + if (ex_primes <= 0 || (ex_primes + 2) > ossl_rsa_multip_cap(bits)) return 0; } #endif @@ -469,7 +469,7 @@ int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], old = r->prime_infos; for (i = 0; i < pnum; i++) { - pinfo = rsa_multip_info_new(); + pinfo = ossl_rsa_multip_info_new(); if (pinfo == NULL) goto err; if (primes[i] != NULL && exps[i] != NULL && coeffs[i] != NULL) { @@ -483,7 +483,7 @@ int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], BN_set_flags(pinfo->d, BN_FLG_CONSTTIME); BN_set_flags(pinfo->t, BN_FLG_CONSTTIME); } else { - rsa_multip_info_free(pinfo); + ossl_rsa_multip_info_free(pinfo); goto err; } (void)sk_RSA_PRIME_INFO_push(prime_infos, pinfo); @@ -491,7 +491,7 @@ int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], r->prime_infos = prime_infos; - if (!rsa_multip_calc_product(r)) { + if (!ossl_rsa_multip_calc_product(r)) { r->prime_infos = old; goto err; } @@ -503,7 +503,7 @@ int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], * be freed in that case. So currently, stay consistent * with other *set0* functions: just free it... */ - sk_RSA_PRIME_INFO_pop_free(old, rsa_multip_info_free); + sk_RSA_PRIME_INFO_pop_free(old, ossl_rsa_multip_info_free); } r->version = RSA_ASN1_VERSION_MULTI; @@ -512,7 +512,7 @@ int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], return 1; err: /* r, d, t should not be freed */ - sk_RSA_PRIME_INFO_pop_free(prime_infos, rsa_multip_info_free_ex); + sk_RSA_PRIME_INFO_pop_free(prime_infos, ossl_rsa_multip_info_free_ex); return 0; } #endif @@ -749,7 +749,7 @@ int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes, if (!ossl_assert(prime != NULL && exp != NULL && coeff != NULL)) goto err; - /* Using rsa_multip_info_new() is wasteful, so allocate directly */ + /* Using ossl_rsa_multip_info_new() is wasteful, so allocate directly */ if ((pinfo = OPENSSL_zalloc(sizeof(*pinfo))) == NULL) { ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); goto err; @@ -766,7 +766,7 @@ int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes, r->prime_infos = prime_infos; - if (!rsa_multip_calc_product(r)) { + if (!ossl_rsa_multip_calc_product(r)) { r->prime_infos = old_infos; goto err; } @@ -783,7 +783,7 @@ int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes, * be freed in that case. So currently, stay consistent * with other *set0* functions: just free it... */ - sk_RSA_PRIME_INFO_pop_free(old_infos, rsa_multip_info_free); + sk_RSA_PRIME_INFO_pop_free(old_infos, ossl_rsa_multip_info_free); } #endif @@ -794,7 +794,7 @@ int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes, #ifndef FIPS_MODULE err: /* r, d, t should not be freed */ - sk_RSA_PRIME_INFO_pop_free(prime_infos, rsa_multip_info_free_ex); + sk_RSA_PRIME_INFO_pop_free(prime_infos, ossl_rsa_multip_info_free_ex); return 0; #endif } diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h index 3a8d6fe286..73f7f91804 100644 --- a/crypto/rsa/rsa_local.h +++ b/crypto/rsa/rsa_local.h @@ -157,16 +157,16 @@ struct rsa_meth_st { #define pkey_is_pss(pkey) (pkey->ameth->pkey_id == EVP_PKEY_RSA_PSS) #define pkey_ctx_is_pss(ctx) (ctx->pmeth->pkey_id == EVP_PKEY_RSA_PSS) -RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd, - const EVP_MD *mgf1md, int saltlen); -int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd, - const EVP_MD **pmgf1md, int *psaltlen); +RSA_PSS_PARAMS *ossl_rsa_pss_params_create(const EVP_MD *sigmd, + const EVP_MD *mgf1md, int saltlen); +int ossl_rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd, + const EVP_MD **pmgf1md, int *psaltlen); /* internal function to clear and free multi-prime parameters */ -void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo); -void rsa_multip_info_free(RSA_PRIME_INFO *pinfo); -RSA_PRIME_INFO *rsa_multip_info_new(void); -int rsa_multip_calc_product(RSA *rsa); -int rsa_multip_cap(int bits); +void ossl_rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo); +void ossl_rsa_multip_info_free(RSA_PRIME_INFO *pinfo); +RSA_PRIME_INFO *ossl_rsa_multip_info_new(void); +int ossl_rsa_multip_calc_product(RSA *rsa); +int ossl_rsa_multip_cap(int bits); int ossl_rsa_sp800_56b_validate_strength(int nbits, int strength); int ossl_rsa_check_pminusq_diff(BIGNUM *diff, const BIGNUM *p, const BIGNUM *q, diff --git a/crypto/rsa/rsa_mp.c b/crypto/rsa/rsa_mp.c index f385a589cf..410dc690cf 100644 --- a/crypto/rsa/rsa_mp.c +++ b/crypto/rsa/rsa_mp.c @@ -12,23 +12,23 @@ #include <openssl/err.h> #include "rsa_local.h" -void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo) +void ossl_rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo) { /* free pp and pinfo only */ BN_clear_free(pinfo->pp); OPENSSL_free(pinfo); } -void rsa_multip_info_free(RSA_PRIME_INFO *pinfo) +void ossl_rsa_multip_info_free(RSA_PRIME_INFO *pinfo) { /* free a RSA_PRIME_INFO structure */ BN_clear_free(pinfo->r); BN_clear_free(pinfo->d); BN_clear_free(pinfo->t); - rsa_multip_info_free_ex(pinfo); + ossl_rsa_multip_info_free_ex(pinfo); } -RSA_PRIME_INFO *rsa_multip_info_new(void) +RSA_PRIME_INFO *ossl_rsa_multip_info_new(void) { RSA_PRIME_INFO *pinfo; @@ -58,7 +58,7 @@ RSA_PRIME_INFO *rsa_multip_info_new(void) } /* Refill products of primes */ -int rsa_multip_calc_product(RSA *rsa) +int ossl_rsa_multip_calc_product(RSA *rsa) { RSA_PRIME_INFO *pinfo; BIGNUM *p1 = NULL, *p2 = NULL; @@ -97,7 +97,7 @@ int rsa_multip_calc_product(RSA *rsa) return rv; } -int rsa_multip_cap(int bits) +int ossl_rsa_multip_cap(int bits) { int cap = 5; diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index 203612503b..6e7e7a27e1 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -225,9 +225,9 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, memcpy(rout, rctx->tbuf, ret); } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { size_t sltmp; - ret = int_rsa_verify(EVP_MD_type(rctx->md), - NULL, 0, rout, &sltmp, - sig, siglen, ctx->pkey->pkey.rsa); + ret = ossl_rsa_verify(EVP_MD_type(rctx->md), + NULL, 0, rout, &sltmp, + sig, siglen, ctx->pkey->pkey.rsa); if (ret <= 0) return 0; ret = sltmp; @@ -711,8 +711,9 @@ static int rsa_set_pss_param(RSA *rsa, EVP_PKEY_CTX *ctx) /* If all parameters are default values don't set pss */ if (rctx->md == NULL && rctx->mgf1md == NULL && rctx->saltlen == -2) return 1; - rsa->pss = rsa_pss_params_create(rctx->md, rctx->mgf1md, - rctx->saltlen == -2 ? 0 : rctx->saltlen); + rsa->pss = ossl_rsa_pss_params_create(rctx->md, rctx->mgf1md, + rctx->saltlen == -2 + ? 0 : rctx->saltlen); if (rsa->pss == NULL) return 0; return 1; @@ -818,7 +819,7 @@ static int pkey_pss_init(EVP_PKEY_CTX *ctx) if (rsa->pss == NULL) return 1; /* Get and check parameters */ - if (!rsa_pss_get_param(rsa->pss, &md, &mgf1md, &min_saltlen)) + if (!ossl_rsa_pss_get_param(rsa->pss, &md, &mgf1md, &min_saltlen)) return 0; /* See if minimum salt length exceeds maximum possible */ diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 5664394114..39a90bb244 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -328,9 +328,9 @@ err: * * It returns one on successful verification or zero otherwise. */ -int int_rsa_verify(int type, const unsigned char *m, unsigned int m_len, - unsigned char *rm, size_t *prm_len, - const unsigned char *sigbuf, size_t siglen, RSA *rsa) +int ossl_rsa_verify(int type, const unsigned char *m, unsigned int m_len, + unsigned char *rm, size_t *prm_len, + const unsigned char *sigbuf, size_t siglen, RSA *rsa) { int len, ret = 0; size_t decrypt_len, encoded_len = 0; @@ -453,5 +453,5 @@ int RSA_verify(int type, const unsigned char *m, unsigned int m_len, if (rsa->meth->rsa_verify != NULL) return rsa->meth->rsa_verify(type, m, m_len, sigbuf, siglen, rsa); - return int_rsa_verify(type, m, m_len, NULL, NULL, sigbuf, siglen, rsa); + return ossl_rsa_verify(type, m, m_len, NULL, NULL, sigbuf, siglen, rsa); } |