authorShane Lontis <shane.lontis@oracle.com>2021-02-17 20:01:34 +1000
committerPauli <ppzgs1@gmail.com>2021-02-18 21:14:32 +1000
commit7b676cc8c60823570e283fbe325b263670c6ccc2 (patch)
treec38119319f0dff73868b5716a86c643142caed0a /providers/common
parent47c076acfc5debbae386c552bdb423e832042ae7 (diff)
Fix external symbols related to provider related security checks for
keys and digests. Partial fix for #12964. This adds ossl_ names for the following symbols: digest_get_approved_nid, digest_get_approved_nid_with_sha1, digest_is_allowed, digest_md_to_nid, digest_rsa_sign_get_md_nid, securitycheck_enabled, dh_check_key, dsa_check_key, ec_check_key. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14211)
Diffstat (limited to 'providers/common')
-rw-r--r--providers/common/digest_to_nid.c6
-rw-r--r--providers/common/include/prov/securitycheck.h18
-rw-r--r--providers/common/securitycheck.c26
-rw-r--r--providers/common/securitycheck_default.c9
-rw-r--r--providers/common/securitycheck_fips.c10
5 files changed, 35 insertions, 34 deletions
diff --git a/providers/common/digest_to_nid.c b/providers/common/digest_to_nid.c
index 496d814173..f66b61b4fa 100644
--- a/providers/common/digest_to_nid.c
+++ b/providers/common/digest_to_nid.c
@@ -20,7 +20,7 @@
* Internal library code deals with NIDs, so we need to translate from a name.
* We do so using EVP_MD_is_a(), and therefore need a name to NID map.
*/
-int digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it, size_t it_len)
+int ossl_digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it, size_t it_len)
{
size_t i;
@@ -37,7 +37,7 @@ int digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it, size_t it_len)
* Retrieve one of the FIPs approved hash algorithms by nid.
* See FIPS 180-4 "Secure Hash Standard" and FIPS 202 - SHA-3.
*/
-int digest_get_approved_nid(const EVP_MD *md)
+int ossl_digest_get_approved_nid(const EVP_MD *md)
{
static const OSSL_ITEM name_to_nid[] = {
{ NID_sha1, OSSL_DIGEST_NAME_SHA1 },
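Review bot: The comment above `ossl_digest_get_approved_nid` describes the table as FIPS approved, yet its first entry is `NID_sha1`, so any caller that relies on this function alone accepts SHA-1. In this same commit `ossl_digest_is_allowed` in securitycheck.c does exactly that, while only `ossl_digest_get_approved_nid_with_sha1` maps SHA-1 to `NID_undef`, and only when checks are enabled and `sha1_allowed` is 0. I would add a line to the comment such as `* SHA-1 is included; use ossl_digest_get_approved_nid_with_sha1() where SHA-1 must be rejected.` The rest of the table is outside this hunk.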
@@ -53,5 +53,5 @@ int digest_get_approved_nid(const EVP_MD *md)
{ NID_sha3_512, OSSL_DIGEST_NAME_SHA3_512 },
};
- return digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
+ return ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
}
diff --git a/providers/common/include/prov/securitycheck.h b/providers/common/include/prov/securitycheck.h
index a9e69c8a29..2b81092f30 100644
--- a/providers/common/include/prov/securitycheck.h
+++ b/providers/common/include/prov/securitycheck.h
@@ -11,17 +11,17 @@
/* Functions that are common */
int ossl_rsa_check_key(const RSA *rsa, int protect);
-int ec_check_key(const EC_KEY *ec, int protect);
-int dsa_check_key(const DSA *dsa, int sign);
-int dh_check_key(const DH *dh);
+int ossl_ec_check_key(const EC_KEY *ec, int protect);
+int ossl_dsa_check_key(const DSA *dsa, int sign);
+int ossl_dh_check_key(const DH *dh);
-int digest_is_allowed(const EVP_MD *md);
-int digest_get_approved_nid_with_sha1(const EVP_MD *md, int sha1_allowed);
+int ossl_digest_is_allowed(const EVP_MD *md);
+int ossl_digest_get_approved_nid_with_sha1(const EVP_MD *md, int sha1_allowed);
/* Functions that are common */
-int digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it, size_t it_len);
-int digest_get_approved_nid(const EVP_MD *md);
+int ossl_digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it, size_t it_len);
+int ossl_digest_get_approved_nid(const EVP_MD *md);
/* Functions that have different implementations for the FIPS_MODULE */
-int digest_rsa_sign_get_md_nid(const EVP_MD *md, int sha1_allowed);
-int securitycheck_enabled(void);
+int ossl_digest_rsa_sign_get_md_nid(const EVP_MD *md, int sha1_allowed);
+int ossl_securitycheck_enabled(void);
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
index 9457f4b53a..547b74fe3a 100644
--- a/providers/common/securitycheck.c
+++ b/providers/common/securitycheck.c
@@ -28,7 +28,7 @@
int ossl_rsa_check_key(const RSA *rsa, int protect)
{
#if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
- if (securitycheck_enabled()) {
+ if (ossl_securitycheck_enabled()) {
int sz = RSA_bits(rsa);
return protect ? (sz >= 2048) : (sz >= 1024);
@@ -52,10 +52,10 @@ int ossl_rsa_check_key(const RSA *rsa, int protect)
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf
* "Table 2"
*/
-int ec_check_key(const EC_KEY *ec, int protect)
+int ossl_ec_check_key(const EC_KEY *ec, int protect)
{
# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
- if (securitycheck_enabled()) {
+ if (ossl_securitycheck_enabled()) {
int nid, strength;
const char *curve_name;
const EC_GROUP *group = EC_KEY_get0_group(ec);
@@ -110,10 +110,10 @@ int ec_check_key(const EC_KEY *ec, int protect)
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf
* "Table 2"
*/
-int dsa_check_key(const DSA *dsa, int sign)
+int ossl_dsa_check_key(const DSA *dsa, int sign)
{
# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
- if (securitycheck_enabled()) {
+ if (ossl_securitycheck_enabled()) {
size_t L, N;
const BIGNUM *p, *q;
@@ -154,10 +154,10 @@ int dsa_check_key(const DSA *dsa, int sign)
* "Section 5.5.1.1FFC Domain Parameter Selection/Generation" and
* "Appendix D" FFC Safe-prime Groups
*/
-int dh_check_key(const DH *dh)
+int ossl_dh_check_key(const DH *dh)
{
# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
- if (securitycheck_enabled()) {
+ if (ossl_securitycheck_enabled()) {
size_t L, N;
const BIGNUM *p, *q;
@@ -187,12 +187,12 @@ int dh_check_key(const DH *dh)
}
#endif /* OPENSSL_NO_DH */
-int digest_get_approved_nid_with_sha1(const EVP_MD *md, int sha1_allowed)
+int ossl_digest_get_approved_nid_with_sha1(const EVP_MD *md, int sha1_allowed)
{
- int mdnid = digest_get_approved_nid(md);
+ int mdnid = ossl_digest_get_approved_nid(md);
# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
- if (securitycheck_enabled()) {
+ if (ossl_securitycheck_enabled()) {
if (mdnid == NID_sha1 && !sha1_allowed)
mdnid = NID_undef;
}
@@ -200,11 +200,11 @@ int digest_get_approved_nid_with_sha1(const EVP_MD *md, int sha1_allowed)
return mdnid;
}
-int digest_is_allowed(const EVP_MD *md)
+int ossl_digest_is_allowed(const EVP_MD *md)
{
# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
- if (securitycheck_enabled())
- return digest_get_approved_nid(md) != NID_undef;
+ if (ossl_securitycheck_enabled())
+ return ossl_digest_get_approved_nid(md) != NID_undef;
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
return 1;
}
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
index e88b642ae2..7bb5639882 100644
--- a/providers/common/securitycheck_default.c
+++ b/providers/common/securitycheck_default.c
@@ -17,12 +17,13 @@
#include "internal/nelem.h"
/* Disable the security checks in the default provider */
-int securitycheck_enabled(void)
+int ossl_securitycheck_enabled(void)
{
return 0;
}
-int digest_rsa_sign_get_md_nid(const EVP_MD *md, ossl_unused int sha1_allowed)
+int ossl_digest_rsa_sign_get_md_nid(const EVP_MD *md,
+ ossl_unused int sha1_allowed)
{
int mdnid;
@@ -35,8 +36,8 @@ int digest_rsa_sign_get_md_nid(const EVP_MD *md, ossl_unused int sha1_allowed)
{ NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
};
- mdnid = digest_get_approved_nid_with_sha1(md, 1);
+ mdnid = ossl_digest_get_approved_nid_with_sha1(md, 1);
if (mdnid == NID_undef)
- mdnid = digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
+ mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
return mdnid;
}
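Review bot: The literal `1` passed to `ossl_digest_get_approved_nid_with_sha1`, together with the `ossl_unused` marker on `sha1_allowed`, drops the caller's SHA-1 policy without a comment saying why. From the lines visible in this commit it is harmless: `ossl_securitycheck_enabled()` returns 0 in this file, and the helper only strips SHA-1 when that function returns non-zero. A comment above the call, for example `/* sha1_allowed is ignored: security checks are off in the default provider */`, would keep a later reader from treating it as an oversight or copying the pattern into the FIPS variant. The function starts in the previous hunk and part of the fallback table is outside both.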
diff --git a/providers/common/securitycheck_fips.c b/providers/common/securitycheck_fips.c
index 5bf59c9a35..35f82433db 100644
--- a/providers/common/securitycheck_fips.c
+++ b/providers/common/securitycheck_fips.c
@@ -21,7 +21,7 @@
extern int FIPS_security_check_enabled(void);
-int securitycheck_enabled(void)
+int ossl_securitycheck_enabled(void)
{
#if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
return FIPS_security_check_enabled();
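Review bot: `extern int FIPS_security_check_enabled(void);` is declared by hand in this .c file, so the compiler cannot check it against the definition; if the definition's signature changes, this call keeps compiling against a stale prototype. Because its return value gates the key-size and digest checks in securitycheck.c through `ossl_securitycheck_enabled`, I would take the declaration from a header that the defining file also includes. The name also lacks the `ossl_` prefix this commit gives the other symbols, which may be deliberate (the description says partial fix) but deserves a one-line comment. The `#else` branch of `ossl_securitycheck_enabled` is outside the hunk.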
@@ -30,11 +30,11 @@ int securitycheck_enabled(void)
#endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
}
-int digest_rsa_sign_get_md_nid(const EVP_MD *md, int sha1_allowed)
+int ossl_digest_rsa_sign_get_md_nid(const EVP_MD *md, int sha1_allowed)
{
#if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
- if (securitycheck_enabled())
- return digest_get_approved_nid_with_sha1(md, sha1_allowed);
+ if (ossl_securitycheck_enabled())
+ return ossl_digest_get_approved_nid_with_sha1(md, sha1_allowed);
#endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
- return digest_get_approved_nid(md);
+ return ossl_digest_get_approved_nid(md);
}