authorRichard Levitte <levitte@openssl.org>2020-12-01 19:11:59 +0100
committerRichard Levitte <levitte@openssl.org>2020-12-16 11:55:39 +0100
commitc829c23b67308ad8e8ab677c78db1d5151106c3c (patch)
treea1b4b7aeb5cc3093db9df76e06e02ce18f1653ed /providers
parentd33ab074ef9847b67d96961f85f4ad614395d2c2 (diff)
EVP_PKEY & DH: Make DH EVP_PKEY_CTX parameter ctrls / setters more available
EVP_PKEY_CTX_set_dh_ functions were only available when DH was enabled ('no-dsa' not configured). However, that makes it impossible to use these functions with an engine or a provider that happens to implement DH. This change solves that problem by shuffling these functions to more appropriate places. By consequence, there are a number of places where we can remove the check of OPENSSL_NO_DH. This requires some re-arrangements of internal tables to translate between numeric identities and names. Partially fixes #13550 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13589)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/encode_decode/encode_key2text.c3
-rw-r--r--providers/implementations/keymgmt/dh_kmgmt.c46
2 files changed, 12 insertions, 37 deletions
diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c
index 2ac5046bf3..49bbf8c2af 100644
--- a/providers/implementations/encode_decode/encode_key2text.c
+++ b/providers/implementations/encode_decode/encode_key2text.c
@@ -159,7 +159,8 @@ static int ffc_params_to_text(BIO *out, const FFC_PARAMS *ffc)
{
if (ffc->nid != NID_undef) {
#ifndef OPENSSL_NO_DH
- const char *name = ossl_ffc_named_group_from_uid(ffc->nid);
+ const DH_NAMED_GROUP *group = ossl_ffc_uid_to_dh_named_group(ffc->nid);
+ const char *name = ossl_ffc_named_group_get_name(group);
if (name == NULL)
goto err;
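Review bot: In ffc_params_to_text the result of `ossl_ffc_uid_to_dh_named_group(ffc->nid)` is passed straight to `ossl_ffc_named_group_get_name()` with no NULL check, whereas the matching change in dh_gen_set_params (dh_kmgmt.c) tests the looked-up group for NULL before using it. Whether the getter tolerates a NULL group is not visible in this hunk; if it does, the existing `name == NULL` test already covers an unknown nid and a short comment saying so would help. If it does not, guard the call while keeping the declarations at block start, e.g. `const char *name = group == NULL ? NULL : ossl_ffc_named_group_get_name(group);`. The function body continues outside the hunk.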
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index dc0f3b2acd..1d674a14bf 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -23,7 +23,6 @@
#include "prov/provider_ctx.h"
#include "crypto/dh.h"
#include "internal/sizes.h"
-#include "internal/nelem.h"
static OSSL_FUNC_keymgmt_new_fn dh_newdata;
static OSSL_FUNC_keymgmt_free_fn dh_freedata;
@@ -76,34 +75,8 @@ struct dh_gen_ctx {
int dh_type;
};
-typedef struct dh_name2id_st{
- const char *name;
- int id;
-} DH_GENTYPE_NAME2ID;
-
-static const DH_GENTYPE_NAME2ID dhtype2id[]=
-{
- { "fips186_4", DH_PARAMGEN_TYPE_FIPS_186_4 },
- { "fips186_2", DH_PARAMGEN_TYPE_FIPS_186_2 },
- { "group", DH_PARAMGEN_TYPE_GROUP },
- { "generator", DH_PARAMGEN_TYPE_GENERATOR }
-};
-
-const char *dh_gen_type_id2name(int id)
+static int dh_gen_type_name2id_w_default(const char *name, int type)
{
- size_t i;
-
- for (i = 0; i < OSSL_NELEM(dhtype2id); ++i) {
- if (dhtype2id[i].id == id)
- return dhtype2id[i].name;
- }
- return NULL;
-}
-
-static int dh_gen_type_name2id(const char *name, int type)
-{
- size_t i;
-
if (strcmp(name, "default") == 0) {
#ifdef FIPS_MODULE
if (type == DH_FLAG_TYPE_DHX)
@@ -118,11 +91,7 @@ static int dh_gen_type_name2id(const char *name, int type)
#endif
}
- for (i = 0; i < OSSL_NELEM(dhtype2id); ++i) {
- if (strcmp(dhtype2id[i].name, name) == 0)
- return dhtype2id[i].id;
- }
- return -1;
+ return dh_gen_type_name2id(name);
}
static void *dh_newdata(void *provctx)
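Review bot: The fallback `return dh_gen_type_name2id(name);` now depends on a function defined outside this file, and the only caller, dh_gen_set_params, treats exactly `-1` as "unknown name". That contract is no longer visible here, since the local table and its `return -1;` were removed. If the shared function ever reports failure with a different value, an unrecognised type string would be stored in `gctx->gen_type` as if it were valid. I would document this on the wrapper, for example `/* Returns a DH_PARAMGEN_TYPE_* value, or -1 if |name| is not recognised */`. The wrapper's signature and opening lines are in the previous hunk.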
@@ -506,16 +475,21 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[])
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_TYPE);
if (p != NULL) {
if (p->data_type != OSSL_PARAM_UTF8_STRING
- || ((gctx->gen_type = dh_gen_type_name2id(p->data,
- gctx->dh_type)) == -1)) {
+ || ((gctx->gen_type =
+ dh_gen_type_name2id_w_default(p->data,
+ gctx->dh_type)) == -1)) {
ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
return 0;
}
}
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
if (p != NULL) {
+ const DH_NAMED_GROUP *group = NULL;
+
if (p->data_type != OSSL_PARAM_UTF8_STRING
- || ((gctx->group_nid = ossl_ffc_named_group_to_uid(p->data)) == NID_undef)) {
+ || (group = ossl_ffc_name_to_dh_named_group(p->data)) == NULL
+ || ((gctx->group_nid =
+ ossl_ffc_named_group_get_uid(group)) == NID_undef)) {
ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
return 0;
}
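Review bot: Both conditions in dh_gen_set_params check only `p->data_type` before passing `p->data` to a name lookup, so a UTF8 parameter with a NULL data pointer would be dereferenced. `dh_gen_type_name2id_w_default` begins with `strcmp(name, "default")`, and the group lookup presumably also compares strings. Adding `|| p->data == NULL` right after the `p->data_type != OSSL_PARAM_UTF8_STRING` test in each condition rejects that input with the same ERR_R_PASSED_INVALID_ARGUMENT. Separately, `gctx->gen_type` and `gctx->group_nid` are assigned inside the condition, so a rejected name leaves -1 or NID_undef in the context; looking up into a local and assigning only on success would preserve the previous setting. The function starts and ends outside the hunk.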