Make EVP_PKEY_CTX_[get|set]_group_name work for DH too

The previous commit added the EVP_PKEY_CTX_[get|set]_group_name functions to work with EC groups. We now extend that to also work for DH. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11914)
author: Matt Caswell <matt@openssl.org> 2020-05-20 14:46:22 +0100
committer: Matt Caswell <matt@openssl.org> 2020-06-19 10:19:31 +0100
commit: 023b188ca553aa4318d8e7021e3abbbb98833410 (patch)
tree: 5c07206b35fe146b26c164f6c79d340da745a1bf /crypto
parent: 11a1b341f3bc6a0afe75f9432f623026624fb720 (diff)
5 files changed, 36 insertions, 7 deletions
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 3a523c3591..2a3921a137 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -500,7 +500,7 @@ int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen)
     if (name == NULL)
         return 0;
 
-    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_DH_GROUP,
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
                                             (void *)name, 0);
     *p++ = OSSL_PARAM_construct_end();
     return EVP_PKEY_CTX_set_params(ctx, params);
@@ -531,7 +531,7 @@ int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid)
     if (name == NULL)
         return 0;
 
-    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_DH_GROUP,
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
                                             (void *)name, 0);
     *p++ = OSSL_PARAM_construct_end();
     return EVP_PKEY_CTX_set_params(ctx, params);
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 00d6b27177..ef978ec6f1 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -14,6 +14,7 @@
 #include <openssl/params.h>
 #include <openssl/core_names.h>
 #include <openssl/dh.h>
+#include <openssl/ec.h>
 #include "crypto/evp.h"
 #include "internal/provider.h"
 #include "evp_local.h"
@@ -946,7 +947,34 @@ int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name)
     OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
     OSSL_PARAM *p = params;
 
-    if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
+    if (ctx == NULL) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+        /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+        return -2;
+    }
+
+    if (!EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
+#ifndef FIPS_MODULE
+        int nid;
+
+        /* Could be a legacy key, try and convert to a ctrl */
+        if (ctx->pmeth != NULL && (nid = OBJ_txt2nid(name)) != NID_undef) {
+# ifndef OPENSSL_NO_DH
+            if (ctx->pmeth->pkey_id == EVP_PKEY_DH)
+                return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH,
+                                         EVP_PKEY_OP_PARAMGEN
+                                         | EVP_PKEY_OP_KEYGEN,
+                                         EVP_PKEY_CTRL_DH_NID, nid, NULL);
+# endif
+# ifndef OPENSSL_NO_EC
+            if (ctx->pmeth->pkey_id == EVP_PKEY_EC)
+                return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+                                         EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN,
+                                         EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID,
+                                         nid, NULL);
+# endif
+        }
+#endif
         ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
         /* Uses the same return values as EVP_PKEY_CTX_ctrl */
         return -2;
@@ -966,6 +994,7 @@ int EVP_PKEY_CTX_get_group_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen)
     OSSL_PARAM *p = params;
 
     if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
+        /* There is no legacy support for this */
         ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
         /* Uses the same return values as EVP_PKEY_CTX_ctrl */
         return -2;
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 4c1c01c703..52c304227b 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -1055,9 +1055,9 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name,
         name = OSSL_PKEY_PARAM_FFC_TYPE;
         value = dh_gen_type_id2name(atoi(value));
     } else if (strcmp(name, "dh_param") == 0)
-        name = OSSL_PKEY_PARAM_DH_GROUP;
+        name = OSSL_PKEY_PARAM_GROUP_NAME;
     else if (strcmp(name, "dh_rfc5114") == 0) {
-        name = OSSL_PKEY_PARAM_DH_GROUP;
+        name = OSSL_PKEY_PARAM_GROUP_NAME;
         value = ffc_named_group_from_uid(atoi(value));
     } else if (strcmp(name, "dh_pad") == 0)
         name = OSSL_EXCHANGE_PARAM_PAD;
diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c
index 49f42d70d0..6e269ebf56 100644
--- a/crypto/ffc/ffc_backend.c
+++ b/crypto/ffc/ffc_backend.c
@@ -27,7 +27,7 @@ int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[])
     if (ffc == NULL)
         return 0;
 
-    prm  = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_GROUP);
+    prm  = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
     if (prm != NULL) {
         if (prm->data_type != OSSL_PARAM_UTF8_STRING)
             goto err;
diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c
index 0796d34337..d70aeea35b 100644
--- a/crypto/ffc/ffc_params.c
+++ b/crypto/ffc/ffc_params.c
@@ -265,7 +265,7 @@ int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld,
 
         if (name == NULL
             || !ossl_param_build_set_utf8_string(bld, params,
-                                                 OSSL_PKEY_PARAM_DH_GROUP,
+                                                 OSSL_PKEY_PARAM_GROUP_NAME,
                                                  name))
             return 0;
 #else
author	Matt Caswell <matt@openssl.org>	2020-05-20 14:46:22 +0100
committer	Matt Caswell <matt@openssl.org>	2020-06-19 10:19:31 +0100
commit	023b188ca553aa4318d8e7021e3abbbb98833410 (patch)
tree	5c07206b35fe146b26c164f6c79d340da745a1bf /crypto
parent	11a1b341f3bc6a0afe75f9432f623026624fb720 (diff)