diff options
author | Matt Caswell <matt@openssl.org> | 2020-05-20 14:46:22 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-06-19 10:19:31 +0100 |
commit | 023b188ca553aa4318d8e7021e3abbbb98833410 (patch) | |
tree | 5c07206b35fe146b26c164f6c79d340da745a1bf /crypto | |
parent | 11a1b341f3bc6a0afe75f9432f623026624fb720 (diff) |
Make EVP_PKEY_CTX_[get|set]_group_name work for DH too
The previous commit added the EVP_PKEY_CTX_[get|set]_group_name
functions to work with EC groups. We now extend that to also work for
DH.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/dh/dh_lib.c | 4 | ||||
-rw-r--r-- | crypto/evp/evp_lib.c | 31 | ||||
-rw-r--r-- | crypto/evp/pmeth_lib.c | 4 | ||||
-rw-r--r-- | crypto/ffc/ffc_backend.c | 2 | ||||
-rw-r--r-- | crypto/ffc/ffc_params.c | 2 |
5 files changed, 36 insertions, 7 deletions
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 3a523c3591..2a3921a137 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -500,7 +500,7 @@ int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen) if (name == NULL) return 0; - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_DH_GROUP, + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, (void *)name, 0); *p++ = OSSL_PARAM_construct_end(); return EVP_PKEY_CTX_set_params(ctx, params); @@ -531,7 +531,7 @@ int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid) if (name == NULL) return 0; - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_DH_GROUP, + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, (void *)name, 0); *p++ = OSSL_PARAM_construct_end(); return EVP_PKEY_CTX_set_params(ctx, params); diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 00d6b27177..ef978ec6f1 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -14,6 +14,7 @@ #include <openssl/params.h> #include <openssl/core_names.h> #include <openssl/dh.h> +#include <openssl/ec.h> #include "crypto/evp.h" #include "internal/provider.h" #include "evp_local.h" @@ -946,7 +947,34 @@ int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name) OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; OSSL_PARAM *p = params; - if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) { + if (ctx == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } + + if (!EVP_PKEY_CTX_IS_GEN_OP(ctx)) { +#ifndef FIPS_MODULE + int nid; + + /* Could be a legacy key, try and convert to a ctrl */ + if (ctx->pmeth != NULL && (nid = OBJ_txt2nid(name)) != NID_undef) { +# ifndef OPENSSL_NO_DH + if (ctx->pmeth->pkey_id == EVP_PKEY_DH) + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, + EVP_PKEY_OP_PARAMGEN + | EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_DH_NID, nid, NULL); +# endif +# ifndef OPENSSL_NO_EC + if (ctx->pmeth->pkey_id == EVP_PKEY_EC) + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, + nid, NULL); +# endif + } +#endif ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); /* Uses the same return values as EVP_PKEY_CTX_ctrl */ return -2; @@ -966,6 +994,7 @@ int EVP_PKEY_CTX_get_group_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen) OSSL_PARAM *p = params; if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) { + /* There is no legacy support for this */ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); /* Uses the same return values as EVP_PKEY_CTX_ctrl */ return -2; diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 4c1c01c703..52c304227b 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -1055,9 +1055,9 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name, name = OSSL_PKEY_PARAM_FFC_TYPE; value = dh_gen_type_id2name(atoi(value)); } else if (strcmp(name, "dh_param") == 0) - name = OSSL_PKEY_PARAM_DH_GROUP; + name = OSSL_PKEY_PARAM_GROUP_NAME; else if (strcmp(name, "dh_rfc5114") == 0) { - name = OSSL_PKEY_PARAM_DH_GROUP; + name = OSSL_PKEY_PARAM_GROUP_NAME; value = ffc_named_group_from_uid(atoi(value)); } else if (strcmp(name, "dh_pad") == 0) name = OSSL_EXCHANGE_PARAM_PAD; diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c index 49f42d70d0..6e269ebf56 100644 --- a/crypto/ffc/ffc_backend.c +++ b/crypto/ffc/ffc_backend.c @@ -27,7 +27,7 @@ int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]) if (ffc == NULL) return 0; - prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_GROUP); + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); if (prm != NULL) { if (prm->data_type != OSSL_PARAM_UTF8_STRING) goto err; diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c index 0796d34337..d70aeea35b 100644 --- a/crypto/ffc/ffc_params.c +++ b/crypto/ffc/ffc_params.c @@ -265,7 +265,7 @@ int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld, if (name == NULL || !ossl_param_build_set_utf8_string(bld, params, - OSSL_PKEY_PARAM_DH_GROUP, + OSSL_PKEY_PARAM_GROUP_NAME, name)) return 0; #else |