author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-03-20 13:49:08 +0100 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-05-11 12:46:42 +0200 |
commit | f925315203f77d0241183ccabfc784d259b0a152 (patch) | |
tree | 2d92c75d7e19d48de1ed8da32b724b3603f5a3c6 /crypto | |
parent | 6dbb277627de86578577185084378135605d2df1 (diff) |
Add convenience functions and macros for asymmetric key generation
Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen().
Also export auxiliary function OSSL_EC_curve_nid2name()
and improve deprecation info on RSA and EC key generation/management functions.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14695)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/conf/conf_def.c | 3 | ||||
-rw-r--r-- | crypto/ec/ec_backend.c | 2 | ||||
-rw-r--r-- | crypto/evp/ctrl_params_translate.c | 2 | ||||
-rw-r--r-- | crypto/evp/ec_support.c | 2 | ||||
-rw-r--r-- | crypto/evp/evp_lib.c | 60 | ||||
-rw-r--r-- | crypto/evp/pmeth_gn.c | 6 |
6 files changed, 67 insertions, 8 deletions
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index ea6b5bf244..25fcc0400c 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -11,8 +11,8 @@
 #include <stdio.h>
 #include <string.h>
+#include "e_os.h" /* strcasecmp and struct stat */
 #ifdef __TANDEM
-# include <strings.h> /* strcasecmp */
 # include <sys/types.h> /* needed for stat.h */
 # include <sys/stat.h> /* struct stat */
 #endif
@@ -28,7 +28,6 @@
 # include <sys/stat.h>
 # ifdef _WIN32
 # define stat _stat
-# define strcasecmp _stricmp
 # endif
 #endif
diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c
index 6acfa21f69..defcb649fb 100644
--- a/crypto/ec/ec_backend.c
+++ b/crypto/ec/ec_backend.c
@@ -328,7 +328,7 @@ int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
     if (curve_nid != NID_undef) {
         /* Named curve */
-        const char *curve_name = ossl_ec_curve_nid2name(curve_nid);
+        const char *curve_name = OSSL_EC_curve_nid2name(curve_nid);
         if (curve_name == NULL
             || !ossl_param_build_set_utf8_string(tmpl, params,
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
index f48e723c33..3a49aea931 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -1482,7 +1482,7 @@ static int get_payload_group_name(enum state state,
             if (grp != NULL)
                 nid = EC_GROUP_get_curve_name(grp);
             if (nid != NID_undef)
-                ctx->p2 = (char *)ossl_ec_curve_nid2name(nid);
+                ctx->p2 = (char *)OSSL_EC_curve_nid2name(nid);
         }
         break;
 #endif
diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c
index 24337a5eac..8550be65e7 100644
--- a/crypto/evp/ec_support.c
+++ b/crypto/evp/ec_support.c
@@ -115,7 +115,7 @@ static const EC_NAME2NID curve_list[] = {
     {"SM2", NID_sm2 },
 };
-const char *ossl_ec_curve_nid2name(int nid)
+const char *OSSL_EC_curve_nid2name(int nid)
 {
     size_t i;
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 842ee51b8d..5cd3cc6112 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -14,11 +14,14 @@
 #include "internal/deprecated.h"
 #include <stdio.h>
+#include <string.h>
+#include "e_os.h" /* strcasecmp */
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/params.h>
 #include <openssl/core_names.h>
+#include <openssl/rsa.h>
 #include <openssl/dh.h>
 #include <openssl/ec.h>
 #include "crypto/evp.h"
@@ -27,6 +30,7 @@
 #include "evp_local.h"
 #if !defined(FIPS_MODULE)
+
 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 {
     return evp_cipher_param_to_asn1_ex(c, type, NULL);
@@ -1111,3 +1115,59 @@ int EVP_PKEY_CTX_get_group_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen)
         return -1;
     return 1;
 }
+
+/*
+ * evp_pkey_keygen() abstracts from the explicit use of B<EVP_PKEY_CTX>
+ * while providing a generic way of generating a new asymmetric key pair
+ * of algorithm type I<name> (e.g., C<RSA> or C<EC>).
+ * The library context I<libctx> and property query I<propq>
+ * are used when fetching algorithms from providers.
+ * The I<params> specify algorithm-specific parameters
+ * such as the RSA modulus size or the name of an EC curve.
+ */
+static EVP_PKEY *evp_pkey_keygen(OSSL_LIB_CTX *libctx, const char *name,
+                                 const char *propq, OSSL_PARAM *params)
+{
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propq);
+
+    if (ctx != NULL
+        && EVP_PKEY_keygen_init(ctx) > 0
+        && EVP_PKEY_CTX_set_params(ctx, params))
+        (void)EVP_PKEY_generate(ctx, &pkey);
+
+    EVP_PKEY_CTX_free(ctx);
+    return pkey;
+}
+
+EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
+                            const char *type, ...)
+{
+    va_list args;
+    size_t bits;
+    char *name;
+    OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
+    EVP_PKEY *ret = NULL;
+
+    va_start(args, type);
+
+    if (strcasecmp(type, "RSA") == 0) {
+        bits = va_arg(args, size_t);
+        params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits);
+    } else if (strcasecmp(type, "EC") == 0) {
+        name = va_arg(args, char *);
+        params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
+                                                     name, 0);
+    } else if (strcasecmp(type, "ED25519") != 0
+               && strcasecmp(type, "X25519") != 0
+               && strcasecmp(type, "ED448") != 0
+               && strcasecmp(type, "X448") != 0) {
+        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT);
+        goto end;
+    }
+    ret = evp_pkey_keygen(libctx, type, propq, params);
+
+ end:
+    va_end(args);
+    return ret;
+}
diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index e184db26a0..94499b1d45 100644
--- a/crypto/evp/pmeth_gn.c
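Review bot: The RSA branch of EVP_PKEY_Q_keygen reads its variadic argument with `bits = va_arg(args, size_t);`, so the natural call `EVP_PKEY_Q_keygen(NULL, NULL, "RSA", 2048)` passes an int and the read is undefined behaviour; on LP64 targets the upper half of that slot is unspecified, which can surface as a bizarre modulus size or a silent keygen failure rather than an error. The EVP_RSA_gen() macro named in the commit message is outside this crypto-limited diffstat, so I cannot see whether it casts for the caller; the function itself should at least state the contract, e.g. `/* The variadic argument MUST be a size_t (e.g. (size_t)2048); passing an int is UB */` above the va_arg line, and the EC branch deserves a matching `/* expects a char * curve name; the pointer is stored in params, not copied */`. Separately, a NULL `type` reaches strcasecmp() unchecked; a guard `if (type == NULL) { ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); goto end; }` placed before the first comparison turns that crash into a reportable error consistent with the existing ERR_R_PASSED_INVALID_ARGUMENT path.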
+++ b/crypto/evp/pmeth_gn.c
@@ -123,7 +123,7 @@ static int ossl_callback_to_pkey_gencb(const OSSL_PARAM params[], void *arg)
     return ctx->pkey_gencb(ctx);
 }
-int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
+int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
 {
     int ret = 0;
     OSSL_CALLBACK cb;
@@ -262,7 +262,7 @@ int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
         ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
         return -1;
     }
-    return EVP_PKEY_gen(ctx, ppkey);
+    return EVP_PKEY_generate(ctx, ppkey);
 }
 int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
@@ -271,7 +271,7 @@ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
         ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
         return -1;
     }
-    return EVP_PKEY_gen(ctx, ppkey);
+    return EVP_PKEY_generate(ctx, ppkey);
 }
 void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb) |