diff options
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/dh/dh_ameth.c | 12 | ||||
| -rw-r--r-- | crypto/dh/dh_asn1.c | 2 | ||||
| -rw-r--r-- | crypto/dh/dh_backend.c | 14 | ||||
| -rw-r--r-- | crypto/dh/dh_check.c | 8 | ||||
| -rw-r--r-- | crypto/dh/dh_gen.c | 10 | ||||
| -rw-r--r-- | crypto/dh/dh_group_params.c | 8 | ||||
| -rw-r--r-- | crypto/dh/dh_kdf.c | 15 | ||||
| -rw-r--r-- | crypto/dh/dh_key.c | 11 | ||||
| -rw-r--r-- | crypto/dh/dh_lib.c | 10 | ||||
| -rw-r--r-- | crypto/dh/dh_pmeth.c | 4 | ||||
| -rw-r--r-- | crypto/dsa/dsa_lib.c | 2 | ||||
| -rw-r--r-- | crypto/evp/dh_support.c | 4 | ||||
| -rw-r--r-- | crypto/evp/pmeth_lib.c | 97 |
13 files changed, 146 insertions, 51 deletions
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 1cf692ee13..338f308934 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -433,9 +433,9 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) { switch (op) { case ASN1_PKEY_CTRL_SET1_TLS_ENCPT: - return dh_buf2key(EVP_PKEY_get0_DH(pkey), arg2, arg1); + return ossl_dh_buf2key(EVP_PKEY_get0_DH(pkey), arg2, arg1); case ASN1_PKEY_CTRL_GET1_TLS_ENCPT: - return dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2, 0, 1); + return ossl_dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2, 0, 1); default: return -2; } @@ -492,7 +492,7 @@ static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata, * If the DH method is foreign, then we can't be sure of anything, and * can therefore not export or pretend to export. */ - if (dh_get_method(dh) != DH_OpenSSL()) + if (ossl_dh_get_method(dh) != DH_OpenSSL()) return 0; if (p == NULL || g == NULL) @@ -543,7 +543,7 @@ static int dh_pkey_import_from_type(const OSSL_PARAM params[], void *vpctx, { EVP_PKEY_CTX *pctx = vpctx; EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx); - DH *dh = dh_new_ex(pctx->libctx); + DH *dh = ossl_dh_new_ex(pctx->libctx); if (dh == NULL) { ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); @@ -552,8 +552,8 @@ static int dh_pkey_import_from_type(const OSSL_PARAM params[], void *vpctx, DH_clear_flags(dh, DH_FLAG_TYPE_MASK); DH_set_flags(dh, type == EVP_PKEY_DH ? DH_FLAG_TYPE_DH : DH_FLAG_TYPE_DHX); - if (!dh_params_fromdata(dh, params) - || !dh_key_fromdata(dh, params) + if (!ossl_dh_params_fromdata(dh, params) + || !ossl_dh_key_fromdata(dh, params) || !EVP_PKEY_assign(pkey, type, dh)) { DH_free(dh); return 0; diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c index 68013219e7..5c8af108f5 100644 --- a/crypto/dh/dh_asn1.c +++ b/crypto/dh/dh_asn1.c @@ -39,7 +39,7 @@ static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, DH_clear_flags(dh, DH_FLAG_TYPE_MASK); DH_set_flags(dh, DH_FLAG_TYPE_DH); - dh_cache_named_group(dh); + ossl_dh_cache_named_group(dh); dh->dirty_cnt++; } return 1; diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c index 41de7b9006..c848cb4870 100644 --- a/crypto/dh/dh_backend.c +++ b/crypto/dh/dh_backend.c @@ -30,17 +30,17 @@ static int dh_ffc_params_fromdata(DH *dh, const OSSL_PARAM params[]) if (dh == NULL) return 0; - ffc = dh_get0_params(dh); + ffc = ossl_dh_get0_params(dh); if (ffc == NULL) return 0; ret = ossl_ffc_params_fromdata(ffc, params); if (ret) - dh_cache_named_group(dh); /* This increments dh->dirty_cnt */ + ossl_dh_cache_named_group(dh); /* This increments dh->dirty_cnt */ return ret; } -int dh_params_fromdata(DH *dh, const OSSL_PARAM params[]) +int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[]) { const OSSL_PARAM *param_priv_len; long priv_len; @@ -58,7 +58,7 @@ int dh_params_fromdata(DH *dh, const OSSL_PARAM params[]) return 1; } -int dh_key_fromdata(DH *dh, const OSSL_PARAM params[]) +int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[]) { const OSSL_PARAM *param_priv_key, *param_pub_key; BIGNUM *priv_key = NULL, *pub_key = NULL; @@ -86,11 +86,11 @@ int dh_key_fromdata(DH *dh, const OSSL_PARAM params[]) return 0; } -int dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) +int ossl_dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) { long l = DH_get_length(dh); - if (!ossl_ffc_params_todata(dh_get0_params(dh), bld, params)) + if (!ossl_ffc_params_todata(ossl_dh_get0_params(dh), bld, params)) return 0; if (l > 0 && !ossl_param_build_set_long(bld, params, OSSL_PKEY_PARAM_DH_PRIV_LEN, l)) @@ -98,7 +98,7 @@ int dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) return 1; } -int dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) +int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) { const BIGNUM *priv = NULL, *pub = NULL; diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 5cbbdbf8c5..90697340f7 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -243,12 +243,12 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) * To only be used with ephemeral FFC public keys generated using the approved * safe-prime groups. */ -int dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret) +int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret) { return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret); } -int dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret) +int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret) { int ok = 0; BIGNUM *two_powN = NULL, *upper; @@ -281,7 +281,7 @@ err: * FFC pairwise check from SP800-56A R3. * Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency */ -int dh_check_pairwise(const DH *dh) +int ossl_dh_check_pairwise(const DH *dh) { int ret = 0; BN_CTX *ctx = NULL; @@ -301,7 +301,7 @@ int dh_check_pairwise(const DH *dh) goto err; /* recalculate the public key = (g ^ priv) mod p */ - if (!dh_generate_public_key(ctx, dh, dh->priv_key, pub_key)) + if (!ossl_dh_generate_public_key(ctx, dh, dh->priv_key, pub_key)) goto err; /* check it matches the existing pubic_key */ ret = BN_cmp(pub_key, dh->pub_key) == 0; diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index bdc0dc79b8..aecf7195d8 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -35,8 +35,8 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); #endif /* FIPS_MODULE */ -int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits, - BN_GENCB *cb) +int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits, + BN_GENCB *cb) { int ret, res; @@ -55,7 +55,7 @@ int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits, return ret; } -int dh_get_named_group_uid_from_size(int pbits) +int ossl_dh_get_named_group_uid_from_size(int pbits) { /* * Just choose an approved safe prime group. @@ -95,12 +95,12 @@ static int dh_gen_named_group(OSSL_LIB_CTX *libctx, DH *ret, int prime_len) { DH *dh; int ok = 0; - int nid = dh_get_named_group_uid_from_size(prime_len); + int nid = ossl_dh_get_named_group_uid_from_size(prime_len); if (nid == NID_undef) return 0; - dh = dh_new_by_nid_ex(libctx, nid); + dh = ossl_dh_new_by_nid_ex(libctx, nid); if (dh != NULL && ossl_ffc_params_copy(&ret->params, &dh->params)) { ok = 1; diff --git a/crypto/dh/dh_group_params.c b/crypto/dh/dh_group_params.c index 0f66d8969d..72082d6f50 100644 --- a/crypto/dh/dh_group_params.c +++ b/crypto/dh/dh_group_params.c @@ -27,7 +27,7 @@ static DH *dh_param_init(OSSL_LIB_CTX *libctx, const DH_NAMED_GROUP *group) { - DH *dh = dh_new_ex(libctx); + DH *dh = ossl_dh_new_ex(libctx); if (dh == NULL) return NULL; @@ -39,7 +39,7 @@ static DH *dh_param_init(OSSL_LIB_CTX *libctx, const DH_NAMED_GROUP *group) return dh; } -DH *dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid) +DH *ossl_dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid) { const DH_NAMED_GROUP *group; @@ -52,10 +52,10 @@ DH *dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid) DH *DH_new_by_nid(int nid) { - return dh_new_by_nid_ex(NULL, nid); + return ossl_dh_new_by_nid_ex(NULL, nid); } -void dh_cache_named_group(DH *dh) +void ossl_dh_cache_named_group(DH *dh) { const DH_NAMED_GROUP *group; diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index ea2cd6386c..e1753b0b69 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -25,11 +25,12 @@ #include <crypto/dh.h> /* Key derivation function from X9.63/SECG */ -int dh_KDF_X9_42_asn1(unsigned char *out, size_t outlen, - const unsigned char *Z, size_t Zlen, - const char *cek_alg, - const unsigned char *ukm, size_t ukmlen, const EVP_MD *md, - OSSL_LIB_CTX *libctx, const char *propq) +int ossl_dh_kdf_X9_42_asn1(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const char *cek_alg, + const unsigned char *ukm, size_t ukmlen, + const EVP_MD *md, + OSSL_LIB_CTX *libctx, const char *propq) { int ret = 0; EVP_KDF_CTX *kctx = NULL; @@ -78,7 +79,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, if (key_alg == NULL) return 0; - return dh_KDF_X9_42_asn1(out, outlen, Z, Zlen, key_alg, - ukm, ukmlen, md, libctx, NULL); + return ossl_dh_kdf_X9_42_asn1(out, outlen, Z, Zlen, key_alg, + ukm, ukmlen, md, libctx, NULL); } #endif /* !defined(FIPS_MODULE) */ diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index f8cbbd593b..f282a12b4c 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -210,8 +210,8 @@ int DH_generate_key(DH *dh) #endif } -int dh_generate_public_key(BN_CTX *ctx, const DH *dh, const BIGNUM *priv_key, - BIGNUM *pub_key) +int ossl_dh_generate_public_key(BN_CTX *ctx, const DH *dh, + const BIGNUM *priv_key, BIGNUM *pub_key) { int ret = 0; BIGNUM *prk = BN_new(); @@ -344,7 +344,7 @@ static int generate_key(DH *dh) } } - if (!dh_generate_public_key(ctx, dh, priv_key, pub_key)) + if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key)) goto err; dh->pub_key = pub_key; @@ -363,7 +363,7 @@ static int generate_key(DH *dh) return ok; } -int dh_buf2key(DH *dh, const unsigned char *buf, size_t len) +int ossl_dh_buf2key(DH *dh, const unsigned char *buf, size_t len) { int err_reason = DH_R_BN_ERROR; BIGNUM *pubkey = NULL; @@ -394,7 +394,8 @@ err: return 0; } -size_t dh_key2buf(const DH *dh, unsigned char **pbuf_out, size_t size, int alloc) +size_t ossl_dh_key2buf(const DH *dh, unsigned char **pbuf_out, size_t size, + int alloc) { const BIGNUM *pubkey; unsigned char *pbuf = NULL; diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index e3db7a4929..78b984157d 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -47,7 +47,7 @@ int DH_set_method(DH *dh, const DH_METHOD *meth) return 1; } -const DH_METHOD *dh_get_method(const DH *dh) +const DH_METHOD *ossl_dh_get_method(const DH *dh) { return dh->meth; } @@ -64,7 +64,7 @@ DH *DH_new_method(ENGINE *engine) } #endif /* !FIPS_MODULE */ -DH *dh_new_ex(OSSL_LIB_CTX *libctx) +DH *ossl_dh_new_ex(OSSL_LIB_CTX *libctx) { return dh_new_intern(NULL, libctx); } @@ -230,7 +230,7 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) return 0; ossl_ffc_params_set0_pqg(&dh->params, p, q, g); - dh_cache_named_group(dh); + ossl_dh_cache_named_group(dh); dh->dirty_cnt++; return 1; } @@ -317,11 +317,11 @@ ENGINE *DH_get0_engine(DH *dh) } #endif /*FIPS_MODULE */ -FFC_PARAMS *dh_get0_params(DH *dh) +FFC_PARAMS *ossl_dh_get0_params(DH *dh) { return &dh->params; } -int dh_get0_nid(const DH *dh) +int ossl_dh_get0_nid(const DH *dh) { return dh->params.nid; } diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index 11f30ce702..4a18205a7f 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -509,7 +509,7 @@ static const EVP_PKEY_METHOD dh_pkey_meth = { pkey_dh_ctrl_str }; -const EVP_PKEY_METHOD *dh_pkey_method(void) +const EVP_PKEY_METHOD *ossl_dh_pkey_method(void) { return &dh_pkey_meth; } @@ -548,7 +548,7 @@ static const EVP_PKEY_METHOD dhx_pkey_meth = { pkey_dh_ctrl_str }; -const EVP_PKEY_METHOD *dhx_pkey_method(void) +const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void) { return &dhx_pkey_meth; } diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 7e5be3208d..0c84a6294f 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -52,7 +52,7 @@ DH *DSA_dup_DH(const DSA *r) if (ret == NULL) goto err; - if (!ossl_ffc_params_copy(dh_get0_params(ret), &r->params)) + if (!ossl_ffc_params_copy(ossl_dh_get0_params(ret), &r->params)) goto err; if (r->pub_key != NULL) { diff --git a/crypto/evp/dh_support.c b/crypto/evp/dh_support.c index 212cf908eb..0f33b28122 100644 --- a/crypto/evp/dh_support.c +++ b/crypto/evp/dh_support.c @@ -25,7 +25,7 @@ static const DH_GENTYPE_NAME2ID dhtype2id[]= { "generator", DH_PARAMGEN_TYPE_GENERATOR } }; -const char *dh_gen_type_id2name(int id) +const char *ossl_dh_gen_type_id2name(int id) { size_t i; @@ -36,7 +36,7 @@ const char *dh_gen_type_id2name(int id) return NULL; } -int dh_gen_type_name2id(const char *name) +int ossl_dh_gen_type_name2id(const char *name) { size_t i; diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 500e056479..9499d666bd 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -51,7 +51,7 @@ static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; static pmeth_fn standard_methods[] = { ossl_rsa_pkey_method, # ifndef OPENSSL_NO_DH - dh_pkey_method, + ossl_dh_pkey_method, # endif # ifndef OPENSSL_NO_DSA dsa_pkey_method, @@ -61,7 +61,7 @@ static pmeth_fn standard_methods[] = { # endif ossl_rsa_pss_pkey_method, # ifndef OPENSSL_NO_DH - dhx_pkey_method, + ossl_dhx_pkey_method, # endif # ifndef OPENSSL_NO_EC ecx25519_pkey_method, @@ -1326,6 +1326,99 @@ int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, return EVP_PKEY_CTX_ctrl(ctx, keytype, optype, cmd, 0, &value); } +<<<<<<< HEAD +======= +static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name, + const char *value) +{ + if (strcmp(name, "md") == 0) + name = OSSL_ALG_PARAM_DIGEST; + else if (strcmp(name, "rsa_padding_mode") == 0) + name = OSSL_ASYM_CIPHER_PARAM_PAD_MODE; + else if (strcmp(name, "rsa_mgf1_md") == 0) + name = OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST; + else if (strcmp(name, "rsa_oaep_md") == 0) + name = OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST; + else if (strcmp(name, "rsa_oaep_label") == 0) + name = OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL; + else if (strcmp(name, "rsa_pss_saltlen") == 0) + name = OSSL_SIGNATURE_PARAM_PSS_SALTLEN; + else if (strcmp(name, "rsa_keygen_bits") == 0) + name = OSSL_PKEY_PARAM_RSA_BITS; + else if (strcmp(name, "rsa_keygen_pubexp") == 0) + name = OSSL_PKEY_PARAM_RSA_E; + else if (strcmp(name, "rsa_keygen_primes") == 0) + name = OSSL_PKEY_PARAM_RSA_PRIMES; + else if (strcmp(name, "rsa_pss_keygen_md") == 0) + name = OSSL_PKEY_PARAM_RSA_DIGEST; + else if (strcmp(name, "rsa_pss_keygen_mgf1_md") == 0) + name = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST; + else if (strcmp(name, "rsa_pss_keygen_saltlen") == 0) + name = OSSL_PKEY_PARAM_RSA_PSS_SALTLEN; + else if (strcmp(name, "dsa_paramgen_bits") == 0) + name = OSSL_PKEY_PARAM_FFC_PBITS; + else if (strcmp(name, "dsa_paramgen_q_bits") == 0) + name = OSSL_PKEY_PARAM_FFC_QBITS; + else if (strcmp(name, "dsa_paramgen_md") == 0) + name = OSSL_PKEY_PARAM_FFC_DIGEST; + else if (strcmp(name, "dh_paramgen_generator") == 0) + name = OSSL_PKEY_PARAM_DH_GENERATOR; + else if (strcmp(name, "dh_paramgen_prime_len") == 0) + name = OSSL_PKEY_PARAM_FFC_PBITS; + else if (strcmp(name, "dh_paramgen_subprime_len") == 0) + name = OSSL_PKEY_PARAM_FFC_QBITS; + else if (strcmp(name, "dh_paramgen_type") == 0) { + name = OSSL_PKEY_PARAM_FFC_TYPE; + value = ossl_dh_gen_type_id2name(atoi(value)); + } else if (strcmp(name, "dh_param") == 0) + name = OSSL_PKEY_PARAM_GROUP_NAME; + else if (strcmp(name, "dh_rfc5114") == 0) { + int num = atoi(value); + + name = OSSL_PKEY_PARAM_GROUP_NAME; + value = + ossl_ffc_named_group_get_name(ossl_ffc_uid_to_dh_named_group(num)); + } else if (strcmp(name, "dh_pad") == 0) + name = OSSL_EXCHANGE_PARAM_PAD; + else if (strcmp(name, "ec_paramgen_curve") == 0) + name = OSSL_PKEY_PARAM_GROUP_NAME; + else if (strcmp(name, "ecdh_cofactor_mode") == 0) + name = OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE; + else if (strcmp(name, "ecdh_kdf_md") == 0) + name = OSSL_EXCHANGE_PARAM_KDF_DIGEST; + else if (strcmp(name, "ec_param_enc") == 0) + name = OSSL_PKEY_PARAM_EC_ENCODING; + else if (strcmp(name, "N") == 0) + name = OSSL_KDF_PARAM_SCRYPT_N; + + { + /* + * TODO(3.0) reduce the code above to only translate known legacy + * string to the corresponding core name (see core_names.h), but + * otherwise leave it to this code block to do the actual work. + */ + const OSSL_PARAM *settable = EVP_PKEY_CTX_settable_params(ctx); + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + int rv = 0; + int exists = 0; + + if (!OSSL_PARAM_allocate_from_text(¶ms[0], settable, name, value, + strlen(value), &exists)) { + if (!exists) { + ERR_raise_data(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED, + "name=%s,value=%s", name, value); + return -2; + } + return 0; + } + if (EVP_PKEY_CTX_set_params(ctx, params)) + rv = 1; + OPENSSL_free(params[0].data); + return rv; + } +} + +>>>>>>> 4651c47010... Fix external symbols related to dh keys static int evp_pkey_ctx_ctrl_str_int(EVP_PKEY_CTX *ctx, const char *name, const char *value) { |