author | Richard Levitte <levitte@openssl.org> | 2020-03-23 05:40:47 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-03-25 17:01:32 +0100 |
commit | 0abae1636d7054266dd20724c0d5e06617d9f679 (patch) | |
tree | 2237cb7a395a335ba4da5a530d2116b3e5f0e3aa /include | |
parent | ff7262b4f4dfade7d2d6e05dcd3727ecc2bc7a5c (diff) |
EVP: Implement support for key downgrading in backends
Downgrading EVP_PKEYs from containing provider side internal keys to
containing legacy keys demands support in the EVP_PKEY_ASN1_METHOD.
This became a bit elaborate because the code would be almost exactly
the same as the import functions in EVP_KEYMGMT. Therefore, we end
up moving most of the code to common backend support files that can be
used both by legacy backend code and by our providers.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11375)
Diffstat (limited to 'include')
-rw-r--r-- | include/crypto/dh.h | 2 | ||||
-rw-r--r-- | include/crypto/dsa.h | 2 | ||||
-rw-r--r-- | include/crypto/ec.h | 8 | ||||
-rw-r--r-- | include/crypto/ecx.h | 5 | ||||
-rw-r--r-- | include/crypto/rsa.h | 2 | ||||
-rw-r--r-- | include/internal/ffc.h | 3 |
6 files changed, 22 insertions, 0 deletions
diff --git a/include/crypto/dh.h b/include/crypto/dh.h index 7c7cebdc16..5d5470f165 100644 --- a/include/crypto/dh.h +++ b/include/crypto/dh.h @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include <openssl/core.h> #include <openssl/dh.h> #include "internal/ffc.h" @@ -19,6 +20,7 @@ int dh_generate_public_key(BN_CTX *ctx, DH *dh, const BIGNUM *priv_key, FFC_PARAMS *dh_get0_params(DH *dh); int dh_get0_nid(const DH *dh); +int dh_key_fromdata(DH *dh, const OSSL_PARAM params[]); int dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret); int dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret); diff --git a/include/crypto/dsa.h b/include/crypto/dsa.h index eab5d44603..0afec99ae6 100644 --- a/include/crypto/dsa.h +++ b/include/crypto/dsa.h @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include <openssl/core.h> #include <openssl/dsa.h> #include "internal/ffc.h" @@ -24,6 +25,7 @@ int dsa_sign_int(int type, const unsigned char *dgst, const unsigned char *dsa_algorithmidentifier_encoding(int md_nid, size_t *len); FFC_PARAMS *dsa_get0_params(DSA *dsa); +int dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[]); int dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa, const BIGNUM *priv_key, BIGNUM *pub_key); diff --git a/include/crypto/ec.h b/include/crypto/ec.h index 00b1b25aff..91fd9ebac9 100644 --- a/include/crypto/ec.h +++ b/include/crypto/ec.h @@ -14,6 +14,7 @@ # include <openssl/opensslconf.h> # ifndef OPENSSL_NO_EC +# include <openssl/core.h> # include <openssl/ec.h> /*- 
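Review bot: `dh_key_fromdata(DH *dh, const OSSL_PARAM params[])` in the second dh.h hunk gives the caller no way to say whether private key material may be imported, while `ec_key_fromdata` and `ecx_key_fromdata` added by the same commit take `int include_private`; `dsa_key_fromdata` (dsa.h) and `rsa_fromdata` (rsa.h) have the same shape. The function bodies are outside this include-only diff, so presumably the private component is taken whenever `params` carries one, which would leave a caller that wants a public-only key to filter the array itself. Giving all three the same selector, e.g. `int dh_key_fromdata(DH *dh, const OSSL_PARAM params[], int include_private);`, would make the private-key decision explicit at every call site.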
@@ -56,5 +57,12 @@ OPENSSL_CTX *ec_key_get_libctx(const EC_KEY *eckey); const char *ec_curve_nid2name(int nid); int ec_curve_name2nid(const char *name); const unsigned char *ecdsa_algorithmidentifier_encoding(int md_nid, size_t *len); + +/* Backend support */ +int ec_key_fromdata(EC_KEY *ecx, const OSSL_PARAM params[], int include_private); +int ec_key_domparams_fromdata(EC_KEY *ecx, const OSSL_PARAM params[]); +int ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]); +int ec_set_param_ecdh_cofactor_mode(EC_KEY *ec, const OSSL_PARAM *p); + # endif /* OPENSSL_NO_EC */ #endif diff --git a/include/crypto/ecx.h b/include/crypto/ecx.h index 8afb104438..41020a22b3 100644 --- a/include/crypto/ecx.h +++ b/include/crypto/ecx.h @@ -15,6 +15,7 @@ # ifndef OPENSSL_NO_EC +# include <openssl/core.h> # include <openssl/e_os2.h> # include <openssl/crypto.h> # include "internal/refcount.h" @@ -107,5 +108,9 @@ int s390x_x448_mul(unsigned char u_dst[56], const unsigned char u_src[56], const unsigned char d_src[56]); +/* Backend support */ +int ecx_key_fromdata(ECX_KEY *ecx, const OSSL_PARAM params[], + int include_private); + # endif /* OPENSSL_NO_EC */ #endif diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h index 09335fafe4..a92e666a3d 100644 --- a/include/crypto/rsa.h +++ b/include/crypto/rsa.h @@ -10,6 +10,7 @@ #ifndef OSSL_INTERNAL_RSA_H # define OSSL_INTERNAL_RSA_H +#include <openssl/core.h> #include <openssl/rsa.h> RSA *rsa_new_with_ctx(OPENSSL_CTX *libctx); @@ -20,6 +21,7 @@ int rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes, int rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes, STACK_OF(BIGNUM_const) *exps, STACK_OF(BIGNUM_const) *coeffs); +int rsa_fromdata(RSA *rsa, const OSSL_PARAM params[]); int rsa_padding_check_PKCS1_type_2_TLS(OPENSSL_CTX *ctx, unsigned char *to, size_t tlen, const unsigned char *from, diff --git a/include/internal/ffc.h b/include/internal/ffc.h index 006be73d8c..fd1007631e 100644 --- a/include/internal/ffc.h 
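Review bot: The `EC_KEY *` parameter is named `ecx` in `ec_key_fromdata` and `ec_key_domparams_fromdata` in the second ec.h hunk, but `ec` in the two declarations that follow, and `ecx` is the name this commit uses for `ECX_KEY *` in ecx.h. EC_KEY and ECX_KEY are different key types, so the shared name makes the two backend headers harder to read side by side. I would write `int ec_key_fromdata(EC_KEY *ec, const OSSL_PARAM params[], int include_private);` and `int ec_key_domparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]);`.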
+++ b/include/internal/ffc.h @@ -10,6 +10,7 @@ #ifndef OSSL_INTERNAL_FFC_H # define OSSL_INTERNAL_FFC_H +# include <openssl/core.h> # include <openssl/bn.h> # include <openssl/evp.h> # include <openssl/dh.h> /* Uses Error codes from DH */ @@ -154,4 +155,6 @@ int ffc_validate_public_key_partial(const FFC_PARAMS *params, int ffc_validate_private_key(const BIGNUM *upper, const BIGNUM *priv_key, int *ret); +int ffc_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]); + #endif /* OSSL_INTERNAL_FFC_H */ |
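Review bot: `ffc_fromdata` is declared directly below the `ffc_validate_*` functions in the second ffc.h hunk with no comment saying whether it checks the values it imports, and its body is not part of this diff. A caller cannot tell from the header whether an `FFC_PARAMS` filled this way has been checked or still needs the separate validation calls before use. A one-line comment above the declaration would settle it, for instance `/* Copies the values found in |params| into |ffc|; performs no validation */`, adjusted to whatever the implementation really does.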