summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--crypto/dh/dh_ameth.c12
-rw-r--r--crypto/dh/dh_asn1.c2
-rw-r--r--crypto/dh/dh_backend.c14
-rw-r--r--crypto/dh/dh_check.c8
-rw-r--r--crypto/dh/dh_gen.c10
-rw-r--r--crypto/dh/dh_group_params.c8
-rw-r--r--crypto/dh/dh_kdf.c15
-rw-r--r--crypto/dh/dh_key.c11
-rw-r--r--crypto/dh/dh_lib.c10
-rw-r--r--crypto/dh/dh_pmeth.c4
-rw-r--r--crypto/dsa/dsa_lib.c2
-rw-r--r--crypto/evp/dh_support.c4
-rw-r--r--crypto/evp/pmeth_lib.c97
-rw-r--r--include/crypto/dh.h65
-rw-r--r--include/crypto/evp.h4
-rw-r--r--providers/implementations/encode_decode/encode_key2text.c4
-rw-r--r--providers/implementations/exchange/dh_exch.c14
-rw-r--r--providers/implementations/keymgmt/dh_kmgmt.c54
-rw-r--r--test/ffc_internal_test.c8
19 files changed, 221 insertions, 125 deletions
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 1cf692ee13..338f308934 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -433,9 +433,9 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
{
switch (op) {
case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
- return dh_buf2key(EVP_PKEY_get0_DH(pkey), arg2, arg1);
+ return ossl_dh_buf2key(EVP_PKEY_get0_DH(pkey), arg2, arg1);
case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
- return dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2, 0, 1);
+ return ossl_dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2, 0, 1);
default:
return -2;
}
@@ -492,7 +492,7 @@ static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
* If the DH method is foreign, then we can't be sure of anything, and
* can therefore not export or pretend to export.
*/
- if (dh_get_method(dh) != DH_OpenSSL())
+ if (ossl_dh_get_method(dh) != DH_OpenSSL())
return 0;
if (p == NULL || g == NULL)
@@ -543,7 +543,7 @@ static int dh_pkey_import_from_type(const OSSL_PARAM params[], void *vpctx,
{
EVP_PKEY_CTX *pctx = vpctx;
EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
- DH *dh = dh_new_ex(pctx->libctx);
+ DH *dh = ossl_dh_new_ex(pctx->libctx);
if (dh == NULL) {
ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
@@ -552,8 +552,8 @@ static int dh_pkey_import_from_type(const OSSL_PARAM params[], void *vpctx,
DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
DH_set_flags(dh, type == EVP_PKEY_DH ? DH_FLAG_TYPE_DH : DH_FLAG_TYPE_DHX);
- if (!dh_params_fromdata(dh, params)
- || !dh_key_fromdata(dh, params)
+ if (!ossl_dh_params_fromdata(dh, params)
+ || !ossl_dh_key_fromdata(dh, params)
|| !EVP_PKEY_assign(pkey, type, dh)) {
DH_free(dh);
return 0;
diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c
index 68013219e7..5c8af108f5 100644
--- a/crypto/dh/dh_asn1.c
+++ b/crypto/dh/dh_asn1.c
@@ -39,7 +39,7 @@ static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
DH_set_flags(dh, DH_FLAG_TYPE_DH);
- dh_cache_named_group(dh);
+ ossl_dh_cache_named_group(dh);
dh->dirty_cnt++;
}
return 1;
diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c
index 41de7b9006..c848cb4870 100644
--- a/crypto/dh/dh_backend.c
+++ b/crypto/dh/dh_backend.c
@@ -30,17 +30,17 @@ static int dh_ffc_params_fromdata(DH *dh, const OSSL_PARAM params[])
if (dh == NULL)
return 0;
- ffc = dh_get0_params(dh);
+ ffc = ossl_dh_get0_params(dh);
if (ffc == NULL)
return 0;
ret = ossl_ffc_params_fromdata(ffc, params);
if (ret)
- dh_cache_named_group(dh); /* This increments dh->dirty_cnt */
+ ossl_dh_cache_named_group(dh); /* This increments dh->dirty_cnt */
return ret;
}
-int dh_params_fromdata(DH *dh, const OSSL_PARAM params[])
+int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[])
{
const OSSL_PARAM *param_priv_len;
long priv_len;
@@ -58,7 +58,7 @@ int dh_params_fromdata(DH *dh, const OSSL_PARAM params[])
return 1;
}
-int dh_key_fromdata(DH *dh, const OSSL_PARAM params[])
+int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[])
{
const OSSL_PARAM *param_priv_key, *param_pub_key;
BIGNUM *priv_key = NULL, *pub_key = NULL;
@@ -86,11 +86,11 @@ int dh_key_fromdata(DH *dh, const OSSL_PARAM params[])
return 0;
}
-int dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
+int ossl_dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
{
long l = DH_get_length(dh);
- if (!ossl_ffc_params_todata(dh_get0_params(dh), bld, params))
+ if (!ossl_ffc_params_todata(ossl_dh_get0_params(dh), bld, params))
return 0;
if (l > 0
&& !ossl_param_build_set_long(bld, params, OSSL_PKEY_PARAM_DH_PRIV_LEN, l))
@@ -98,7 +98,7 @@ int dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
return 1;
}
-int dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
+int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
{
const BIGNUM *priv = NULL, *pub = NULL;
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 5cbbdbf8c5..90697340f7 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -243,12 +243,12 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
* To only be used with ephemeral FFC public keys generated using the approved
* safe-prime groups.
*/
-int dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret)
+int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret)
{
return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret);
}
-int dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret)
+int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret)
{
int ok = 0;
BIGNUM *two_powN = NULL, *upper;
@@ -281,7 +281,7 @@ err:
* FFC pairwise check from SP800-56A R3.
* Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency
*/
-int dh_check_pairwise(const DH *dh)
+int ossl_dh_check_pairwise(const DH *dh)
{
int ret = 0;
BN_CTX *ctx = NULL;
@@ -301,7 +301,7 @@ int dh_check_pairwise(const DH *dh)
goto err;
/* recalculate the public key = (g ^ priv) mod p */
- if (!dh_generate_public_key(ctx, dh, dh->priv_key, pub_key))
+ if (!ossl_dh_generate_public_key(ctx, dh, dh->priv_key, pub_key))
goto err;
/* check it matches the existing pubic_key */
ret = BN_cmp(pub_key, dh->pub_key) == 0;
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index bdc0dc79b8..aecf7195d8 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -35,8 +35,8 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
BN_GENCB *cb);
#endif /* FIPS_MODULE */
-int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
- BN_GENCB *cb)
+int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
+ BN_GENCB *cb)
{
int ret, res;
@@ -55,7 +55,7 @@ int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
return ret;
}
-int dh_get_named_group_uid_from_size(int pbits)
+int ossl_dh_get_named_group_uid_from_size(int pbits)
{
/*
* Just choose an approved safe prime group.
@@ -95,12 +95,12 @@ static int dh_gen_named_group(OSSL_LIB_CTX *libctx, DH *ret, int prime_len)
{
DH *dh;
int ok = 0;
- int nid = dh_get_named_group_uid_from_size(prime_len);
+ int nid = ossl_dh_get_named_group_uid_from_size(prime_len);
if (nid == NID_undef)
return 0;
- dh = dh_new_by_nid_ex(libctx, nid);
+ dh = ossl_dh_new_by_nid_ex(libctx, nid);
if (dh != NULL
&& ossl_ffc_params_copy(&ret->params, &dh->params)) {
ok = 1;
diff --git a/crypto/dh/dh_group_params.c b/crypto/dh/dh_group_params.c
index 0f66d8969d..72082d6f50 100644
--- a/crypto/dh/dh_group_params.c
+++ b/crypto/dh/dh_group_params.c
@@ -27,7 +27,7 @@
static DH *dh_param_init(OSSL_LIB_CTX *libctx, const DH_NAMED_GROUP *group)
{
- DH *dh = dh_new_ex(libctx);
+ DH *dh = ossl_dh_new_ex(libctx);
if (dh == NULL)
return NULL;
@@ -39,7 +39,7 @@ static DH *dh_param_init(OSSL_LIB_CTX *libctx, const DH_NAMED_GROUP *group)
return dh;
}
-DH *dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid)
+DH *ossl_dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid)
{
const DH_NAMED_GROUP *group;
@@ -52,10 +52,10 @@ DH *dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid)
DH *DH_new_by_nid(int nid)
{
- return dh_new_by_nid_ex(NULL, nid);
+ return ossl_dh_new_by_nid_ex(NULL, nid);
}
-void dh_cache_named_group(DH *dh)
+void ossl_dh_cache_named_group(DH *dh)
{
const DH_NAMED_GROUP *group;
diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
index ea2cd6386c..e1753b0b69 100644
--- a/crypto/dh/dh_kdf.c
+++ b/crypto/dh/dh_kdf.c
@@ -25,11 +25,12 @@
#include <crypto/dh.h>
/* Key derivation function from X9.63/SECG */
-int dh_KDF_X9_42_asn1(unsigned char *out, size_t outlen,
- const unsigned char *Z, size_t Zlen,
- const char *cek_alg,
- const unsigned char *ukm, size_t ukmlen, const EVP_MD *md,
- OSSL_LIB_CTX *libctx, const char *propq)
+int ossl_dh_kdf_X9_42_asn1(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ const char *cek_alg,
+ const unsigned char *ukm, size_t ukmlen,
+ const EVP_MD *md,
+ OSSL_LIB_CTX *libctx, const char *propq)
{
int ret = 0;
EVP_KDF_CTX *kctx = NULL;
@@ -78,7 +79,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
if (key_alg == NULL)
return 0;
- return dh_KDF_X9_42_asn1(out, outlen, Z, Zlen, key_alg,
- ukm, ukmlen, md, libctx, NULL);
+ return ossl_dh_kdf_X9_42_asn1(out, outlen, Z, Zlen, key_alg,
+ ukm, ukmlen, md, libctx, NULL);
}
#endif /* !defined(FIPS_MODULE) */
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index f8cbbd593b..f282a12b4c 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -210,8 +210,8 @@ int DH_generate_key(DH *dh)
#endif
}
-int dh_generate_public_key(BN_CTX *ctx, const DH *dh, const BIGNUM *priv_key,
- BIGNUM *pub_key)
+int ossl_dh_generate_public_key(BN_CTX *ctx, const DH *dh,
+ const BIGNUM *priv_key, BIGNUM *pub_key)
{
int ret = 0;
BIGNUM *prk = BN_new();
@@ -344,7 +344,7 @@ static int generate_key(DH *dh)
}
}
- if (!dh_generate_public_key(ctx, dh, priv_key, pub_key))
+ if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key))
goto err;
dh->pub_key = pub_key;
@@ -363,7 +363,7 @@ static int generate_key(DH *dh)
return ok;
}
-int dh_buf2key(DH *dh, const unsigned char *buf, size_t len)
+int ossl_dh_buf2key(DH *dh, const unsigned char *buf, size_t len)
{
int err_reason = DH_R_BN_ERROR;
BIGNUM *pubkey = NULL;
@@ -394,7 +394,8 @@ err:
return 0;
}
-size_t dh_key2buf(const DH *dh, unsigned char **pbuf_out, size_t size, int alloc)
+size_t ossl_dh_key2buf(const DH *dh, unsigned char **pbuf_out, size_t size,
+ int alloc)
{
const BIGNUM *pubkey;
unsigned char *pbuf = NULL;
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index e3db7a4929..78b984157d 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -47,7 +47,7 @@ int DH_set_method(DH *dh, const DH_METHOD *meth)
return 1;
}
-const DH_METHOD *dh_get_method(const DH *dh)
+const DH_METHOD *ossl_dh_get_method(const DH *dh)
{
return dh->meth;
}
@@ -64,7 +64,7 @@ DH *DH_new_method(ENGINE *engine)
}
#endif /* !FIPS_MODULE */
-DH *dh_new_ex(OSSL_LIB_CTX *libctx)
+DH *ossl_dh_new_ex(OSSL_LIB_CTX *libctx)
{
return dh_new_intern(NULL, libctx);
}
@@ -230,7 +230,7 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
return 0;
ossl_ffc_params_set0_pqg(&dh->params, p, q, g);
- dh_cache_named_group(dh);
+ ossl_dh_cache_named_group(dh);
dh->dirty_cnt++;
return 1;
}
@@ -317,11 +317,11 @@ ENGINE *DH_get0_engine(DH *dh)
}
#endif /*FIPS_MODULE */
-FFC_PARAMS *dh_get0_params(DH *dh)
+FFC_PARAMS *ossl_dh_get0_params(DH *dh)
{
return &dh->params;
}
-int dh_get0_nid(const DH *dh)
+int ossl_dh_get0_nid(const DH *dh)
{
return dh->params.nid;
}
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 11f30ce702..4a18205a7f 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -509,7 +509,7 @@ static const EVP_PKEY_METHOD dh_pkey_meth = {
pkey_dh_ctrl_str
};
-const EVP_PKEY_METHOD *dh_pkey_method(void)
+const EVP_PKEY_METHOD *ossl_dh_pkey_method(void)
{
return &dh_pkey_meth;
}
@@ -548,7 +548,7 @@ static const EVP_PKEY_METHOD dhx_pkey_meth = {
pkey_dh_ctrl_str
};
-const EVP_PKEY_METHOD *dhx_pkey_method(void)
+const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void)
{
return &dhx_pkey_meth;
}
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 7e5be3208d..0c84a6294f 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -52,7 +52,7 @@ DH *DSA_dup_DH(const DSA *r)
if (ret == NULL)
goto err;
- if (!ossl_ffc_params_copy(dh_get0_params(ret), &r->params))
+ if (!ossl_ffc_params_copy(ossl_dh_get0_params(ret), &r->params))
goto err;
if (r->pub_key != NULL) {
diff --git a/crypto/evp/dh_support.c b/crypto/evp/dh_support.c
index 212cf908eb..0f33b28122 100644
--- a/crypto/evp/dh_support.c
+++ b/crypto/evp/dh_support.c
@@ -25,7 +25,7 @@ static const DH_GENTYPE_NAME2ID dhtype2id[]=
{ "generator", DH_PARAMGEN_TYPE_GENERATOR }
};
-const char *dh_gen_type_id2name(int id)
+const char *ossl_dh_gen_type_id2name(int id)
{
size_t i;
@@ -36,7 +36,7 @@ const char *dh_gen_type_id2name(int id)
return NULL;
}
-int dh_gen_type_name2id(const char *name)
+int ossl_dh_gen_type_name2id(const char *name)
{
size_t i;
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 500e056479..9499d666bd 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -51,7 +51,7 @@ static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
static pmeth_fn standard_methods[] = {
ossl_rsa_pkey_method,
# ifndef OPENSSL_NO_DH
- dh_pkey_method,
+ ossl_dh_pkey_method,
# endif
# ifndef OPENSSL_NO_DSA
dsa_pkey_method,
@@ -61,7 +61,7 @@ static pmeth_fn standard_methods[] = {
# endif
ossl_rsa_pss_pkey_method,
# ifndef OPENSSL_NO_DH
- dhx_pkey_method,
+ ossl_dhx_pkey_method,
# endif
# ifndef OPENSSL_NO_EC
ecx25519_pkey_method,
@@ -1326,6 +1326,99 @@ int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
return EVP_PKEY_CTX_ctrl(ctx, keytype, optype, cmd, 0, &value);
}
+<<<<<<< HEAD
+=======
+static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name,
+ const char *value)
+{
+ if (strcmp(name, "md") == 0)
+ name = OSSL_ALG_PARAM_DIGEST;
+ else if (strcmp(name, "rsa_padding_mode") == 0)
+ name = OSSL_ASYM_CIPHER_PARAM_PAD_MODE;
+ else if (strcmp(name, "rsa_mgf1_md") == 0)
+ name = OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST;
+ else if (strcmp(name, "rsa_oaep_md") == 0)
+ name = OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST;
+ else if (strcmp(name, "rsa_oaep_label") == 0)
+ name = OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL;
+ else if (strcmp(name, "rsa_pss_saltlen") == 0)
+ name = OSSL_SIGNATURE_PARAM_PSS_SALTLEN;
+ else if (strcmp(name, "rsa_keygen_bits") == 0)
+ name = OSSL_PKEY_PARAM_RSA_BITS;
+ else if (strcmp(name, "rsa_keygen_pubexp") == 0)
+ name = OSSL_PKEY_PARAM_RSA_E;
+ else if (strcmp(name, "rsa_keygen_primes") == 0)
+ name = OSSL_PKEY_PARAM_RSA_PRIMES;
+ else if (strcmp(name, "rsa_pss_keygen_md") == 0)
+ name = OSSL_PKEY_PARAM_RSA_DIGEST;
+ else if (strcmp(name, "rsa_pss_keygen_mgf1_md") == 0)
+ name = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST;
+ else if (strcmp(name, "rsa_pss_keygen_saltlen") == 0)
+ name = OSSL_PKEY_PARAM_RSA_PSS_SALTLEN;
+ else if (strcmp(name, "dsa_paramgen_bits") == 0)
+ name = OSSL_PKEY_PARAM_FFC_PBITS;
+ else if (strcmp(name, "dsa_paramgen_q_bits") == 0)
+ name = OSSL_PKEY_PARAM_FFC_QBITS;
+ else if (strcmp(name, "dsa_paramgen_md") == 0)
+ name = OSSL_PKEY_PARAM_FFC_DIGEST;
+ else if (strcmp(name, "dh_paramgen_generator") == 0)
+ name = OSSL_PKEY_PARAM_DH_GENERATOR;
+ else if (strcmp(name, "dh_paramgen_prime_len") == 0)
+ name = OSSL_PKEY_PARAM_FFC_PBITS;
+ else if (strcmp(name, "dh_paramgen_subprime_len") == 0)
+ name = OSSL_PKEY_PARAM_FFC_QBITS;
+ else if (strcmp(name, "dh_paramgen_type") == 0) {
+ name = OSSL_PKEY_PARAM_FFC_TYPE;
+ value = ossl_dh_gen_type_id2name(atoi(value));
+ } else if (strcmp(name, "dh_param") == 0)
+ name = OSSL_PKEY_PARAM_GROUP_NAME;
+ else if (strcmp(name, "dh_rfc5114") == 0) {
+ int num = atoi(value);
+
+ name = OSSL_PKEY_PARAM_GROUP_NAME;
+ value =
+ ossl_ffc_named_group_get_name(ossl_ffc_uid_to_dh_named_group(num));
+ } else if (strcmp(name, "dh_pad") == 0)
+ name = OSSL_EXCHANGE_PARAM_PAD;
+ else if (strcmp(name, "ec_paramgen_curve") == 0)
+ name = OSSL_PKEY_PARAM_GROUP_NAME;
+ else if (strcmp(name, "ecdh_cofactor_mode") == 0)
+ name = OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE;
+ else if (strcmp(name, "ecdh_kdf_md") == 0)
+ name = OSSL_EXCHANGE_PARAM_KDF_DIGEST;
+ else if (strcmp(name, "ec_param_enc") == 0)
+ name = OSSL_PKEY_PARAM_EC_ENCODING;
+ else if (strcmp(name, "N") == 0)
+ name = OSSL_KDF_PARAM_SCRYPT_N;
+
+ {
+ /*
+ * TODO(3.0) reduce the code above to only translate known legacy
+ * string to the corresponding core name (see core_names.h), but
+ * otherwise leave it to this code block to do the actual work.
+ */
+ const OSSL_PARAM *settable = EVP_PKEY_CTX_settable_params(ctx);
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+ int rv = 0;
+ int exists = 0;
+
+ if (!OSSL_PARAM_allocate_from_text(&params[0], settable, name, value,
+ strlen(value), &exists)) {
+ if (!exists) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED,
+ "name=%s,value=%s", name, value);
+ return -2;
+ }
+ return 0;
+ }
+ if (EVP_PKEY_CTX_set_params(ctx, params))
+ rv = 1;
+ OPENSSL_free(params[0].data);
+ return rv;
+ }
+}
+
+>>>>>>> 4651c47010... Fix external symbols related to dh keys
static int evp_pkey_ctx_ctrl_str_int(EVP_PKEY_CTX *ctx,
const char *name, const char *value)
{
diff --git a/include/crypto/dh.h b/include/crypto/dh.h
index eca2a03056..d8b597a0f1 100644
--- a/include/crypto/dh.h
+++ b/include/crypto/dh.h
@@ -16,40 +16,41 @@
# include <openssl/dh.h>
# include "internal/ffc.h"
-DH *dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid);
-DH *dh_new_ex(OSSL_LIB_CTX *libctx);
+DH *ossl_dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid);
+DH *ossl_dh_new_ex(OSSL_LIB_CTX *libctx);
void ossl_dh_set0_libctx(DH *d, OSSL_LIB_CTX *libctx);
-
-int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
- BN_GENCB *cb);
-int dh_generate_public_key(BN_CTX *ctx, const DH *dh, const BIGNUM *priv_key,
- BIGNUM *pub_key);
-int dh_get_named_group_uid_from_size(int pbits);
-const char *dh_gen_type_id2name(int id);
-int dh_gen_type_name2id(const char *name);
-void dh_cache_named_group(DH *dh);
+int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
+ BN_GENCB *cb);
+int ossl_dh_generate_public_key(BN_CTX *ctx, const DH *dh,
+ const BIGNUM *priv_key, BIGNUM *pub_key);
+int ossl_dh_get_named_group_uid_from_size(int pbits);
+const char *ossl_dh_gen_type_id2name(int id);
+int ossl_dh_gen_type_name2id(const char *name);
+void ossl_dh_cache_named_group(DH *dh);
int ossl_dh_is_named_safe_prime_group(const DH *dh);
-FFC_PARAMS *dh_get0_params(DH *dh);
-int dh_get0_nid(const DH *dh);
-int dh_params_fromdata(DH *dh, const OSSL_PARAM params[]);
-int dh_key_fromdata(DH *dh, const OSSL_PARAM params[]);
-int dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
-int dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
-
-int dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret);
-int dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret);
-int dh_check_pairwise(const DH *dh);
-
-const DH_METHOD *dh_get_method(const DH *dh);
-
-int dh_buf2key(DH *key, const unsigned char *buf, size_t len);
-size_t dh_key2buf(const DH *dh, unsigned char **pbuf, size_t size, int alloc);
-
-int dh_KDF_X9_42_asn1(unsigned char *out, size_t outlen,
- const unsigned char *Z, size_t Zlen,
- const char *cek_alg,
- const unsigned char *ukm, size_t ukmlen, const EVP_MD *md,
- OSSL_LIB_CTX *libctx, const char *propq);
+FFC_PARAMS *ossl_dh_get0_params(DH *dh);
+int ossl_dh_get0_nid(const DH *dh);
+int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[]);
+int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[]);
+int ossl_dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
+int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
+
+int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret);
+int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret);
+int ossl_dh_check_pairwise(const DH *dh);
+
+const DH_METHOD *ossl_dh_get_method(const DH *dh);
+
+int ossl_dh_buf2key(DH *key, const unsigned char *buf, size_t len);
+size_t ossl_dh_key2buf(const DH *dh, unsigned char **pbuf, size_t size,
+ int alloc);
+
+int ossl_dh_kdf_X9_42_asn1(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ const char *cek_alg,
+ const unsigned char *ukm, size_t ukmlen,
+ const EVP_MD *md,
+ OSSL_LIB_CTX *libctx, const char *propq);
#endif /* OSSL_CRYPTO_DH_H */
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 0ed9a02396..e48afbf203 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -179,8 +179,8 @@ DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD)
void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
-const EVP_PKEY_METHOD *dh_pkey_method(void);
-const EVP_PKEY_METHOD *dhx_pkey_method(void);
+const EVP_PKEY_METHOD *ossl_dh_pkey_method(void);
+const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void);
const EVP_PKEY_METHOD *dsa_pkey_method(void);
const EVP_PKEY_METHOD *ec_pkey_method(void);
const EVP_PKEY_METHOD *ecx25519_pkey_method(void);
diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c
index 8be3478102..4b4cfc8fa7 100644
--- a/providers/implementations/encode_decode/encode_key2text.c
+++ b/providers/implementations/encode_decode/encode_key2text.c
@@ -23,7 +23,7 @@
#include <openssl/proverr.h>
#include "internal/ffc.h"
#include "crypto/bn.h" /* bn_get_words() */
-#include "crypto/dh.h" /* dh_get0_params() */
+#include "crypto/dh.h" /* ossl_dh_get0_params() */
#include "crypto/dsa.h" /* dsa_get0_params() */
#include "crypto/ec.h" /* ec_key_get_libctx */
#include "crypto/ecx.h" /* ECX_KEY, etc... */
@@ -245,7 +245,7 @@ static int dh_to_text(BIO *out, const void *key, int selection)
}
}
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
- params = dh_get0_params((DH *)dh);
+ params = ossl_dh_get0_params((DH *)dh);
if (params == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_NOT_PARAMETERS);
return 0;
diff --git a/providers/implementations/exchange/dh_exch.c b/providers/implementations/exchange/dh_exch.c
index 32ce2ee0ed..2638675da5 100644
--- a/providers/implementations/exchange/dh_exch.c
+++ b/providers/implementations/exchange/dh_exch.c
@@ -180,13 +180,13 @@ static int dh_X9_42_kdf_derive(void *vpdhctx, unsigned char *secret,
/* Do KDF stuff */
if (pdhctx->kdf_type == PROV_DH_KDF_X9_42_ASN1) {
- if (!dh_KDF_X9_42_asn1(secret, pdhctx->kdf_outlen,
- stmp, stmplen,
- pdhctx->kdf_cekalg,
- pdhctx->kdf_ukm,
- pdhctx->kdf_ukmlen,
- pdhctx->kdf_md,
- pdhctx->libctx, NULL))
+ if (!ossl_dh_kdf_X9_42_asn1(secret, pdhctx->kdf_outlen,
+ stmp, stmplen,
+ pdhctx->kdf_cekalg,
+ pdhctx->kdf_ukm,
+ pdhctx->kdf_ukmlen,
+ pdhctx->kdf_md,
+ pdhctx->libctx, NULL))
goto err;
}
*secretlen = pdhctx->kdf_outlen;
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index a967309644..9b1679e4fa 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -91,7 +91,7 @@ static int dh_gen_type_name2id_w_default(const char *name, int type)
#endif
}
- return dh_gen_type_name2id(name);
+ return ossl_dh_gen_type_name2id(name);
}
static void *dh_newdata(void *provctx)
@@ -99,7 +99,7 @@ static void *dh_newdata(void *provctx)
DH *dh = NULL;
if (ossl_prov_is_running()) {
- dh = dh_new_ex(PROV_LIBCTX_OF(provctx));
+ dh = ossl_dh_new_ex(PROV_LIBCTX_OF(provctx));
if (dh != NULL) {
DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
DH_set_flags(dh, DH_FLAG_TYPE_DH);
@@ -112,7 +112,7 @@ static void *dhx_newdata(void *provctx)
{
DH *dh = NULL;
- dh = dh_new_ex(PROV_LIBCTX_OF(provctx));
+ dh = ossl_dh_new_ex(PROV_LIBCTX_OF(provctx));
if (dh != NULL) {
DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
DH_set_flags(dh, DH_FLAG_TYPE_DHX);
@@ -158,8 +158,8 @@ static int dh_match(const void *keydata1, const void *keydata2, int selection)
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
ok = ok && BN_cmp(DH_get0_priv_key(dh1), DH_get0_priv_key(dh2)) == 0;
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
- FFC_PARAMS *dhparams1 = dh_get0_params((DH *)dh1);
- FFC_PARAMS *dhparams2 = dh_get0_params((DH *)dh2);
+ FFC_PARAMS *dhparams1 = ossl_dh_get0_params((DH *)dh1);
+ FFC_PARAMS *dhparams2 = ossl_dh_get0_params((DH *)dh2);
ok = ok && ossl_ffc_params_cmp(dhparams1, dhparams2, 1);
}
@@ -178,10 +178,10 @@ static int dh_import(void *keydata, int selection, const OSSL_PARAM params[])
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
- ok = ok && dh_params_fromdata(dh, params);
+ ok = ok && ossl_dh_params_fromdata(dh, params);
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
- ok = ok && dh_key_fromdata(dh, params);
+ ok = ok && ossl_dh_key_fromdata(dh, params);
return ok;
}
@@ -202,9 +202,9 @@ static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
- ok = ok && dh_params_todata(dh, tmpl, NULL);
+ ok = ok && ossl_dh_params_todata(dh, tmpl, NULL);
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
- ok = ok && dh_key_todata(dh, tmpl, NULL);
+ ok = ok && ossl_dh_key_todata(dh, tmpl, NULL);
if (!ok
|| (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) {
@@ -295,14 +295,14 @@ static ossl_inline int dh_get_params(void *key, OSSL_PARAM params[])
if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) {
if (p->data_type != OSSL_PARAM_OCTET_STRING)
return 0;
- p->return_size = dh_key2buf(dh, (unsigned char **)&p->data,
- p->data_size, 0);
+ p->return_size = ossl_dh_key2buf(dh, (unsigned char **)&p->data,
+ p->data_size, 0);
if (p->return_size == 0)
return 0;
}
- return dh_params_todata(dh, NULL, params)
- && dh_key_todata(dh, NULL, params);
+ return ossl_dh_params_todata(dh, NULL, params)
+ && ossl_dh_key_todata(dh, NULL, params);
}
static const OSSL_PARAM dh_params[] = {
@@ -339,7 +339,7 @@ static int dh_set_params(void *key, const OSSL_PARAM params[])
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
if (p != NULL
&& (p->data_type != OSSL_PARAM_OCTET_STRING
- || !dh_buf2key(dh, p->data, p->data_size)))
+ || !ossl_dh_buf2key(dh, p->data, p->data_size)))
return 0;
return 1;
@@ -357,7 +357,7 @@ static int dh_validate_public(const DH *dh, int checktype)
/* The partial test is only valid for named group's with q = (p - 1) / 2 */
if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK
&& ossl_dh_is_named_safe_prime_group(dh))
- return dh_check_pub_key_partial(dh, pub_key, &res);
+ return ossl_dh_check_pub_key_partial(dh, pub_key, &res);
return DH_check_pub_key(dh, pub_key, &res);
}
@@ -370,7 +370,7 @@ static int dh_validate_private(const DH *dh)
DH_get0_key(dh, NULL, &priv_key);
if (priv_key == NULL)
return 0;
- return dh_check_priv_key(dh, priv_key, &status);;
+ return ossl_dh_check_priv_key(dh, priv_key, &status);;
}
static int dh_validate(const void *keydata, int selection, int checktype)
@@ -404,7 +404,7 @@ static int dh_validate(const void *keydata, int selection, int checktype)
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR)
== OSSL_KEYMGMT_SELECT_KEYPAIR)
- ok = ok && dh_check_pairwise(dh);
+ ok = ok && ossl_dh_check_pairwise(dh);
return ok;
}
@@ -461,7 +461,7 @@ static int dh_gen_set_template(void *genctx, void *templ)
if (!ossl_prov_is_running() || gctx == NULL || dh == NULL)
return 0;
- gctx->ffc_params = dh_get0_params(dh);
+ gctx->ffc_params = ossl_dh_get0_params(dh);
return 1;
}
@@ -492,8 +492,7 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[])
if (p != NULL) {
if (p->data_type != OSSL_PARAM_UTF8_STRING
|| ((gctx->gen_type =
- dh_gen_type_name2id_w_default(p->data,
- gctx->dh_type)) == -1)) {
+ dh_gen_type_name2id_w_default(p->data, gctx->dh_type)) == -1)) {
ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
return 0;
}
@@ -606,18 +605,18 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
&& gctx->