diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2021-02-17 20:01:34 +1000 |
|---|---|---|
| committer | Pauli <ppzgs1@gmail.com> | 2021-02-18 21:14:32 +1000 |
| commit | 7b676cc8c60823570e283fbe325b263670c6ccc2 (patch) | |
| tree | c38119319f0dff73868b5716a86c643142caed0a /providers/implementations | |
| parent | 47c076acfc5debbae386c552bdb423e832042ae7 (diff) | |
Fix external symbols related to provider related security checks for
keys and digests.
Partial fix for #12964
This adds ossl_ names for the following symbols:
digest_get_approved_nid, digest_get_approved_nid_with_sha1
digest_is_allowed, digest_md_to_nid, digest_rsa_sign_get_md_nid,
securitycheck_enabled,
dh_check_key, dsa_check_key, ec_check_key,
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14211)
Diffstat (limited to 'providers/implementations')
| -rw-r--r-- | providers/implementations/exchange/dh_exch.c | 4 | ||||
| -rw-r--r-- | providers/implementations/exchange/ecdh_exch.c | 6 | ||||
| -rw-r--r-- | providers/implementations/signature/dsa.c | 4 | ||||
| -rw-r--r-- | providers/implementations/signature/ecdsa.c | 4 | ||||
| -rw-r--r-- | providers/implementations/signature/rsa.c | 4 |
5 files changed, 11 insertions, 11 deletions
diff --git a/providers/implementations/exchange/dh_exch.c b/providers/implementations/exchange/dh_exch.c index df412ccf73..32ce2ee0ed 100644 --- a/providers/implementations/exchange/dh_exch.c +++ b/providers/implementations/exchange/dh_exch.c @@ -104,7 +104,7 @@ static int dh_init(void *vpdhctx, void *vdh) DH_free(pdhctx->dh); pdhctx->dh = vdh; pdhctx->kdf_type = PROV_DH_KDF_NONE; - return dh_check_key(vdh); + return ossl_dh_check_key(vdh); } static int dh_set_peer(void *vpdhctx, void *vdh) @@ -321,7 +321,7 @@ static int dh_set_ctx_params(void *vpdhctx, const OSSL_PARAM params[]) EVP_MD_free(pdhctx->kdf_md); pdhctx->kdf_md = EVP_MD_fetch(pdhctx->libctx, name, mdprops); - if (!digest_is_allowed(pdhctx->kdf_md)) { + if (!ossl_digest_is_allowed(pdhctx->kdf_md)) { EVP_MD_free(pdhctx->kdf_md); pdhctx->kdf_md = NULL; } diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c index a1b17443ba..8d3f748f9b 100644 --- a/providers/implementations/exchange/ecdh_exch.c +++ b/providers/implementations/exchange/ecdh_exch.c @@ -111,7 +111,7 @@ int ecdh_init(void *vpecdhctx, void *vecdh) pecdhctx->k = vecdh; pecdhctx->cofactor_mode = -1; pecdhctx->kdf_type = PROV_ECDH_KDF_NONE; - return ec_check_key(vecdh, 1); + return ossl_ec_check_key(vecdh, 1); } static @@ -126,7 +126,7 @@ int ecdh_set_peer(void *vpecdhctx, void *vecdh) return 0; EC_KEY_free(pecdhctx->peerk); pecdhctx->peerk = vecdh; - return ec_check_key(vecdh, 1); + return ossl_ec_check_key(vecdh, 1); } static @@ -254,7 +254,7 @@ int ecdh_set_ctx_params(void *vpecdhctx, const OSSL_PARAM params[]) EVP_MD_free(pectx->kdf_md); pectx->kdf_md = EVP_MD_fetch(pectx->libctx, name, mdprops); - if (!digest_is_allowed(pectx->kdf_md)) { + if (!ossl_digest_is_allowed(pectx->kdf_md)) { EVP_MD_free(pectx->kdf_md); pectx->kdf_md = NULL; } diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa.c index be1a8fca3f..e6dd538708 100644 --- a/providers/implementations/signature/dsa.c +++ b/providers/implementations/signature/dsa.c @@ -127,7 +127,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); WPACKET pkt; EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); - int md_nid = digest_get_approved_nid_with_sha1(md, sha1_allowed); + int md_nid = ossl_digest_get_approved_nid_with_sha1(md, sha1_allowed); size_t mdname_len = strlen(mdname); if (md == NULL || md_nid == NID_undef) { @@ -183,7 +183,7 @@ static int dsa_signverify_init(void *vpdsactx, void *vdsa, int operation) DSA_free(pdsactx->dsa); pdsactx->dsa = vdsa; pdsactx->operation = operation; - if (!dsa_check_key(vdsa, operation == EVP_PKEY_OP_SIGN)) { + if (!ossl_dsa_check_key(vdsa, operation == EVP_PKEY_OP_SIGN)) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); return 0; } diff --git a/providers/implementations/signature/ecdsa.c b/providers/implementations/signature/ecdsa.c index ed21ac79c3..aff3724435 100644 --- a/providers/implementations/signature/ecdsa.c +++ b/providers/implementations/signature/ecdsa.c @@ -137,7 +137,7 @@ static int ecdsa_signverify_init(void *vctx, void *ec, int operation) EC_KEY_free(ctx->ec); ctx->ec = ec; ctx->operation = operation; - return ec_check_key(ec, operation == EVP_PKEY_OP_SIGN); + return ossl_ec_check_key(ec, operation == EVP_PKEY_OP_SIGN); } static int ecdsa_sign_init(void *vctx, void *ec) @@ -222,7 +222,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, return 0; } sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); - md_nid = digest_get_approved_nid_with_sha1(md, sha1_allowed); + md_nid = ossl_digest_get_approved_nid_with_sha1(md, sha1_allowed); if (md_nid == NID_undef) { ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, "digest=%s", mdname); diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c index 4cdd90a5c6..a69981a36a 100644 --- a/providers/implementations/signature/rsa.c +++ b/providers/implementations/signature/rsa.c @@ -276,7 +276,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, if (mdname != NULL) { EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); - int md_nid = digest_rsa_sign_get_md_nid(md, sha1_allowed); + int md_nid = ossl_digest_rsa_sign_get_md_nid(md, sha1_allowed); size_t mdname_len = strlen(mdname); if (md == NULL @@ -335,7 +335,7 @@ static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname, return 0; } /* The default for mgf1 is SHA1 - so allow SHA1 */ - if ((mdnid = digest_rsa_sign_get_md_nid(md, 1)) == NID_undef + if ((mdnid = ossl_digest_rsa_sign_get_md_nid(md, 1)) == NID_undef || !rsa_check_padding(ctx, NULL, mdname, mdnid)) { if (mdnid == NID_undef) ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, |