mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-17 14:32:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix external symbols related to dh keys

Browse Source 
Partial fix for #12964

This adds ossl_ names for the following symbols:

dh_new_by_nid_ex, dh_new_ex, dh_generate_ffc_parameters, dh_generate_public_key,
dh_get_named_group_uid_from_size, dh_gen_type_id2name, dh_gen_type_name2id,
dh_cache_named_group, dh_get0_params, dh_get0_nid,
dh_params_fromdata, dh_key_fromdata, dh_params_todata, dh_key_todata,
dh_check_pub_key_partial, dh_check_priv_key, dh_check_pairwise,
dh_get_method, dh_buf2key, dh_key2buf, dh_KDF_X9_42_asn1,
dh_pkey_method, dhx_pkey_method

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14231)
This commit is contained in:
Shane Lontis 2021-02-18 15:56:53 +10:00
parent 94553e85b6
commit 19dbb742cd
19 changed files with 217 additions and 121 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
crypto/dh/dh_ameth.c
View File

@ -433,9 +433,9 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
{
switch (op) {
case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
return dh_buf2key(EVP_PKEY_get0_DH(pkey), arg2, arg1);
return ossl_dh_buf2key(EVP_PKEY_get0_DH(pkey), arg2, arg1);
case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
return dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2, 0, 1);
return ossl_dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2, 0, 1);
default:
return -2;
}
@ -492,7 +492,7 @@ static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
* If the DH method is foreign, then we can't be sure of anything, and
* can therefore not export or pretend to export.
*/
if (dh_get_method(dh) != DH_OpenSSL())
if (ossl_dh_get_method(dh) != DH_OpenSSL())
return 0;
if (p == NULL || g == NULL)
@ -543,7 +543,7 @@ static int dh_pkey_import_from_type(const OSSL_PARAM params[], void *vpctx,
{
EVP_PKEY_CTX *pctx = vpctx;
EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
DH *dh = dh_new_ex(pctx->libctx);
DH *dh = ossl_dh_new_ex(pctx->libctx);
if (dh == NULL) {
ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
@ -552,8 +552,8 @@ static int dh_pkey_import_from_type(const OSSL_PARAM params[], void *vpctx,
DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
DH_set_flags(dh, type == EVP_PKEY_DH ? DH_FLAG_TYPE_DH : DH_FLAG_TYPE_DHX);
if (!dh_params_fromdata(dh, params)
|| !dh_key_fromdata(dh, params)
if (!ossl_dh_params_fromdata(dh, params)
|| !ossl_dh_key_fromdata(dh, params)
|| !EVP_PKEY_assign(pkey, type, dh)) {
DH_free(dh);
return 0;

2
crypto/dh/dh_asn1.c
View File

@ -39,7 +39,7 @@ static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
DH_set_flags(dh, DH_FLAG_TYPE_DH);
dh_cache_named_group(dh);
ossl_dh_cache_named_group(dh);
dh->dirty_cnt++;
}
return 1;

14
crypto/dh/dh_backend.c
View File

@ -30,17 +30,17 @@ static int dh_ffc_params_fromdata(DH *dh, const OSSL_PARAM params[])
if (dh == NULL)
return 0;
ffc = dh_get0_params(dh);
ffc = ossl_dh_get0_params(dh);
if (ffc == NULL)
return 0;
ret = ossl_ffc_params_fromdata(ffc, params);
if (ret)
dh_cache_named_group(dh); /* This increments dh->dirty_cnt */
ossl_dh_cache_named_group(dh); /* This increments dh->dirty_cnt */
return ret;
}
int dh_params_fromdata(DH *dh, const OSSL_PARAM params[])
int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[])
{
const OSSL_PARAM *param_priv_len;
long priv_len;
@ -58,7 +58,7 @@ int dh_params_fromdata(DH *dh, const OSSL_PARAM params[])
return 1;
}
int dh_key_fromdata(DH *dh, const OSSL_PARAM params[])
int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[])
{
const OSSL_PARAM *param_priv_key, *param_pub_key;
BIGNUM *priv_key = NULL, *pub_key = NULL;
@ -86,11 +86,11 @@ int dh_key_fromdata(DH *dh, const OSSL_PARAM params[])
return 0;
}
int dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
int ossl_dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
{
long l = DH_get_length(dh);
if (!ossl_ffc_params_todata(dh_get0_params(dh), bld, params))
if (!ossl_ffc_params_todata(ossl_dh_get0_params(dh), bld, params))
return 0;
if (l > 0
&& !ossl_param_build_set_long(bld, params, OSSL_PKEY_PARAM_DH_PRIV_LEN, l))
@ -98,7 +98,7 @@ int dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
return 1;
}
int dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
{
const BIGNUM *priv = NULL, *pub = NULL;

8
crypto/dh/dh_check.c
View File

@ -243,12 +243,12 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
* To only be used with ephemeral FFC public keys generated using the approved
* safe-prime groups.
*/
int dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret)
int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret)
{
return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret);
}
int dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret)
int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret)
{
int ok = 0;
BIGNUM *two_powN = NULL, *upper;
@ -281,7 +281,7 @@ err:
* FFC pairwise check from SP800-56A R3.
* Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency
*/
int dh_check_pairwise(const DH *dh)
int ossl_dh_check_pairwise(const DH *dh)
{
int ret = 0;
BN_CTX *ctx = NULL;
@ -301,7 +301,7 @@ int dh_check_pairwise(const DH *dh)
goto err;
/* recalculate the public key = (g ^ priv) mod p */
if (!dh_generate_public_key(ctx, dh, dh->priv_key, pub_key))
if (!ossl_dh_generate_public_key(ctx, dh, dh->priv_key, pub_key))
goto err;
/* check it matches the existing pubic_key */
ret = BN_cmp(pub_key, dh->pub_key) == 0;

10
crypto/dh/dh_gen.c
View File

@ -35,8 +35,8 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
BN_GENCB *cb);
#endif /* FIPS_MODULE */
int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
BN_GENCB *cb)
int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
BN_GENCB *cb)
{
int ret, res;
@ -55,7 +55,7 @@ int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
return ret;
}
int dh_get_named_group_uid_from_size(int pbits)
int ossl_dh_get_named_group_uid_from_size(int pbits)
{
/*
* Just choose an approved safe prime group.
@ -95,12 +95,12 @@ static int dh_gen_named_group(OSSL_LIB_CTX *libctx, DH *ret, int prime_len)
{
DH *dh;
int ok = 0;
int nid = dh_get_named_group_uid_from_size(prime_len);
int nid = ossl_dh_get_named_group_uid_from_size(prime_len);
if (nid == NID_undef)
return 0;
dh = dh_new_by_nid_ex(libctx, nid);
dh = ossl_dh_new_by_nid_ex(libctx, nid);
if (dh != NULL
&& ossl_ffc_params_copy(&ret->params, &dh->params)) {
ok = 1;

8
crypto/dh/dh_group_params.c
View File

@ -27,7 +27,7 @@
static DH *dh_param_init(OSSL_LIB_CTX *libctx, const DH_NAMED_GROUP *group)
{
DH *dh = dh_new_ex(libctx);
DH *dh = ossl_dh_new_ex(libctx);
if (dh == NULL)
return NULL;
@ -39,7 +39,7 @@ static DH *dh_param_init(OSSL_LIB_CTX *libctx, const DH_NAMED_GROUP *group)
return dh;
}
DH *dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid)
DH *ossl_dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid)
{
const DH_NAMED_GROUP *group;
@ -52,10 +52,10 @@ DH *dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid)
DH *DH_new_by_nid(int nid)
{
return dh_new_by_nid_ex(NULL, nid);
return ossl_dh_new_by_nid_ex(NULL, nid);
}
void dh_cache_named_group(DH *dh)
void ossl_dh_cache_named_group(DH *dh)
{
const DH_NAMED_GROUP *group;

15
crypto/dh/dh_kdf.c
View File

@ -25,11 +25,12 @@
#include <crypto/dh.h>
/* Key derivation function from X9.63/SECG */
int dh_KDF_X9_42_asn1(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
const char *cek_alg,
const unsigned char *ukm, size_t ukmlen, const EVP_MD *md,
OSSL_LIB_CTX *libctx, const char *propq)
int ossl_dh_kdf_X9_42_asn1(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
const char *cek_alg,
const unsigned char *ukm, size_t ukmlen,
const EVP_MD *md,
OSSL_LIB_CTX *libctx, const char *propq)
{
int ret = 0;
EVP_KDF_CTX *kctx = NULL;
@ -78,7 +79,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
if (key_alg == NULL)
return 0;
return dh_KDF_X9_42_asn1(out, outlen, Z, Zlen, key_alg,
ukm, ukmlen, md, libctx, NULL);
return ossl_dh_kdf_X9_42_asn1(out, outlen, Z, Zlen, key_alg,
ukm, ukmlen, md, libctx, NULL);
}
#endif /* !defined(FIPS_MODULE) */

11
crypto/dh/dh_key.c
View File

@ -210,8 +210,8 @@ int DH_generate_key(DH *dh)
#endif
}
int dh_generate_public_key(BN_CTX *ctx, const DH *dh, const BIGNUM *priv_key,
BIGNUM *pub_key)
int ossl_dh_generate_public_key(BN_CTX *ctx, const DH *dh,
const BIGNUM *priv_key, BIGNUM *pub_key)
{
int ret = 0;
BIGNUM *prk = BN_new();
@ -344,7 +344,7 @@ static int generate_key(DH *dh)
}
}
if (!dh_generate_public_key(ctx, dh, priv_key, pub_key))
if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key))
goto err;
dh->pub_key = pub_key;
@ -363,7 +363,7 @@ static int generate_key(DH *dh)
return ok;
}
int dh_buf2key(DH *dh, const unsigned char *buf, size_t len)
int ossl_dh_buf2key(DH *dh, const unsigned char *buf, size_t len)
{
int err_reason = DH_R_BN_ERROR;
BIGNUM *pubkey = NULL;
@ -394,7 +394,8 @@ err:
return 0;
}
size_t dh_key2buf(const DH *dh, unsigned char **pbuf_out, size_t size, int alloc)
size_t ossl_dh_key2buf(const DH *dh, unsigned char **pbuf_out, size_t size,
int alloc)
{
const BIGNUM *pubkey;
unsigned char *pbuf = NULL;

10
crypto/dh/dh_lib.c
View File

@ -47,7 +47,7 @@ int DH_set_method(DH *dh, const DH_METHOD *meth)
return 1;
}
const DH_METHOD *dh_get_method(const DH *dh)
const DH_METHOD *ossl_dh_get_method(const DH *dh)
{
return dh->meth;
}
@ -64,7 +64,7 @@ DH *DH_new_method(ENGINE *engine)
}
#endif /* !FIPS_MODULE */
DH *dh_new_ex(OSSL_LIB_CTX *libctx)
DH *ossl_dh_new_ex(OSSL_LIB_CTX *libctx)
{
return dh_new_intern(NULL, libctx);
}
@ -230,7 +230,7 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
return 0;
ossl_ffc_params_set0_pqg(&dh->params, p, q, g);
dh_cache_named_group(dh);
ossl_dh_cache_named_group(dh);
dh->dirty_cnt++;
return 1;
}
@ -317,11 +317,11 @@ ENGINE *DH_get0_engine(DH *dh)
}
#endif /*FIPS_MODULE */
FFC_PARAMS *dh_get0_params(DH *dh)
FFC_PARAMS *ossl_dh_get0_params(DH *dh)
{
return &dh->params;
}
int dh_get0_nid(const DH *dh)
int ossl_dh_get0_nid(const DH *dh)
{
return dh->params.nid;
}

4
crypto/dh/dh_pmeth.c
View File

@ -509,7 +509,7 @@ static const EVP_PKEY_METHOD dh_pkey_meth = {
pkey_dh_ctrl_str
};
const EVP_PKEY_METHOD *dh_pkey_method(void)
const EVP_PKEY_METHOD *ossl_dh_pkey_method(void)
{
return &dh_pkey_meth;
}
@ -548,7 +548,7 @@ static const EVP_PKEY_METHOD dhx_pkey_meth = {
pkey_dh_ctrl_str
};
const EVP_PKEY_METHOD *dhx_pkey_method(void)
const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void)
{
return &dhx_pkey_meth;
}

2
crypto/dsa/dsa_lib.c
View File

@ -52,7 +52,7 @@ DH *DSA_dup_DH(const DSA *r)
if (ret == NULL)
goto err;
if (!ossl_ffc_params_copy(dh_get0_params(ret), &r->params))
if (!ossl_ffc_params_copy(ossl_dh_get0_params(ret), &r->params))
goto err;
if (r->pub_key != NULL) {

4
crypto/evp/dh_support.c
View File

@ -25,7 +25,7 @@ static const DH_GENTYPE_NAME2ID dhtype2id[]=
{ "generator", DH_PARAMGEN_TYPE_GENERATOR }
};
const char *dh_gen_type_id2name(int id)
const char *ossl_dh_gen_type_id2name(int id)
{
size_t i;
@ -36,7 +36,7 @@ const char *dh_gen_type_id2name(int id)
return NULL;
}
int dh_gen_type_name2id(const char *name)
int ossl_dh_gen_type_name2id(const char *name)
{
size_t i;

97
crypto/evp/pmeth_lib.c
View File

@ -51,7 +51,7 @@ static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
static pmeth_fn standard_methods[] = {
ossl_rsa_pkey_method,
# ifndef OPENSSL_NO_DH
dh_pkey_method,
ossl_dh_pkey_method,
# endif
# ifndef OPENSSL_NO_DSA
dsa_pkey_method,
@ -61,7 +61,7 @@ static pmeth_fn standard_methods[] = {
# endif
ossl_rsa_pss_pkey_method,
# ifndef OPENSSL_NO_DH
dhx_pkey_method,
ossl_dhx_pkey_method,
# endif
# ifndef OPENSSL_NO_EC
ecx25519_pkey_method,
@ -1326,6 +1326,99 @@ int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
return EVP_PKEY_CTX_ctrl(ctx, keytype, optype, cmd, 0, &value);
}
<<<<<<< HEAD
=======
static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name,
const char *value)
{
if (strcmp(name, "md") == 0)
name = OSSL_ALG_PARAM_DIGEST;
else if (strcmp(name, "rsa_padding_mode") == 0)
name = OSSL_ASYM_CIPHER_PARAM_PAD_MODE;
else if (strcmp(name, "rsa_mgf1_md") == 0)
name = OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST;
else if (strcmp(name, "rsa_oaep_md") == 0)
name = OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST;
else if (strcmp(name, "rsa_oaep_label") == 0)
name = OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL;
else if (strcmp(name, "rsa_pss_saltlen") == 0)
name = OSSL_SIGNATURE_PARAM_PSS_SALTLEN;
else if (strcmp(name, "rsa_keygen_bits") == 0)
name = OSSL_PKEY_PARAM_RSA_BITS;
else if (strcmp(name, "rsa_keygen_pubexp") == 0)
name = OSSL_PKEY_PARAM_RSA_E;
else if (strcmp(name, "rsa_keygen_primes") == 0)
name = OSSL_PKEY_PARAM_RSA_PRIMES;
else if (strcmp(name, "rsa_pss_keygen_md") == 0)
name = OSSL_PKEY_PARAM_RSA_DIGEST;
else if (strcmp(name, "rsa_pss_keygen_mgf1_md") == 0)
name = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST;
else if (strcmp(name, "rsa_pss_keygen_saltlen") == 0)
name = OSSL_PKEY_PARAM_RSA_PSS_SALTLEN;
else if (strcmp(name, "dsa_paramgen_bits") == 0)
name = OSSL_PKEY_PARAM_FFC_PBITS;
else if (strcmp(name, "dsa_paramgen_q_bits") == 0)
name = OSSL_PKEY_PARAM_FFC_QBITS;
else if (strcmp(name, "dsa_paramgen_md") == 0)
name = OSSL_PKEY_PARAM_FFC_DIGEST;
else if (strcmp(name, "dh_paramgen_generator") == 0)
name = OSSL_PKEY_PARAM_DH_GENERATOR;
else if (strcmp(name, "dh_paramgen_prime_len") == 0)
name = OSSL_PKEY_PARAM_FFC_PBITS;
else if (strcmp(name, "dh_paramgen_subprime_len") == 0)
name = OSSL_PKEY_PARAM_FFC_QBITS;
else if (strcmp(name, "dh_paramgen_type") == 0) {
name = OSSL_PKEY_PARAM_FFC_TYPE;
value = ossl_dh_gen_type_id2name(atoi(value));
} else if (strcmp(name, "dh_param") == 0)
name = OSSL_PKEY_PARAM_GROUP_NAME;
else if (strcmp(name, "dh_rfc5114") == 0) {
int num = atoi(value);
name = OSSL_PKEY_PARAM_GROUP_NAME;
value =
ossl_ffc_named_group_get_name(ossl_ffc_uid_to_dh_named_group(num));
} else if (strcmp(name, "dh_pad") == 0)
name = OSSL_EXCHANGE_PARAM_PAD;
else if (strcmp(name, "ec_paramgen_curve") == 0)
name = OSSL_PKEY_PARAM_GROUP_NAME;
else if (strcmp(name, "ecdh_cofactor_mode") == 0)
name = OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE;
else if (strcmp(name, "ecdh_kdf_md") == 0)
name = OSSL_EXCHANGE_PARAM_KDF_DIGEST;
else if (strcmp(name, "ec_param_enc") == 0)
name = OSSL_PKEY_PARAM_EC_ENCODING;
else if (strcmp(name, "N") == 0)
name = OSSL_KDF_PARAM_SCRYPT_N;
{
/*
* TODO(3.0) reduce the code above to only translate known legacy
* string to the corresponding core name (see core_names.h), but
* otherwise leave it to this code block to do the actual work.
*/
const OSSL_PARAM *settable = EVP_PKEY_CTX_settable_params(ctx);
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
int rv = 0;
int exists = 0;
if (!OSSL_PARAM_allocate_from_text(&params[0], settable, name, value,
strlen(value), &exists)) {
if (!exists) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED,
"name=%s,value=%s", name, value);
return -2;
}
return 0;
}
if (EVP_PKEY_CTX_set_params(ctx, params))
rv = 1;
OPENSSL_free(params[0].data);
return rv;
}
}
>>>>>>> 4651c47010... Fix external symbols related to dh keys
static int evp_pkey_ctx_ctrl_str_int(EVP_PKEY_CTX *ctx,
const char *name, const char *value)
{

57
include/crypto/dh.h
View File

@ -16,40 +16,41 @@
# include <openssl/dh.h>
# include "internal/ffc.h"
DH *dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid);
DH *dh_new_ex(OSSL_LIB_CTX *libctx);
DH *ossl_dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid);
DH *ossl_dh_new_ex(OSSL_LIB_CTX *libctx);
void ossl_dh_set0_libctx(DH *d, OSSL_LIB_CTX *libctx);
int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
BN_GENCB *cb);
int dh_generate_public_key(BN_CTX *ctx, const DH *dh, const BIGNUM *priv_key,
BIGNUM *pub_key);
int dh_get_named_group_uid_from_size(int pbits);
const char *dh_gen_type_id2name(int id);
int dh_gen_type_name2id(const char *name);
void dh_cache_named_group(DH *dh);
int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
BN_GENCB *cb);
int ossl_dh_generate_public_key(BN_CTX *ctx, const DH *dh,
const BIGNUM *priv_key, BIGNUM *pub_key);
int ossl_dh_get_named_group_uid_from_size(int pbits);
const char *ossl_dh_gen_type_id2name(int id);
int ossl_dh_gen_type_name2id(const char *name);
void ossl_dh_cache_named_group(DH *dh);
int ossl_dh_is_named_safe_prime_group(const DH *dh);
FFC_PARAMS *dh_get0_params(DH *dh);
int dh_get0_nid(const DH *dh);
int dh_params_fromdata(DH *dh, const OSSL_PARAM params[]);
int dh_key_fromdata(DH *dh, const OSSL_PARAM params[]);
int dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
int dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
FFC_PARAMS *ossl_dh_get0_params(DH *dh);
int ossl_dh_get0_nid(const DH *dh);
int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[]);
int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[]);
int ossl_dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
int dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret);
int dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret);
int dh_check_pairwise(const DH *dh);
int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret);
int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret);
int ossl_dh_check_pairwise(const DH *dh);
const DH_METHOD *dh_get_method(const DH *dh);
const DH_METHOD *ossl_dh_get_method(const DH *dh);
int dh_buf2key(DH *key, const unsigned char *buf, size_t len);
size_t dh_key2buf(const DH *dh, unsigned char **pbuf, size_t size, int alloc);
int ossl_dh_buf2key(DH *key, const unsigned char *buf, size_t len);
size_t ossl_dh_key2buf(const DH *dh, unsigned char **pbuf, size_t size,
int alloc);
int dh_KDF_X9_42_asn1(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
const char *cek_alg,
const unsigned char *ukm, size_t ukmlen, const EVP_MD *md,
OSSL_LIB_CTX *libctx, const char *propq);
int ossl_dh_kdf_X9_42_asn1(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
const char *cek_alg,
const unsigned char *ukm, size_t ukmlen,
const EVP_MD *md,
OSSL_LIB_CTX *libctx, const char *propq);
#endif /* OSSL_CRYPTO_DH_H */

4
include/crypto/evp.h
View File

@ -179,8 +179,8 @@ DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD)
void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
const EVP_PKEY_METHOD *dh_pkey_method(void);
const EVP_PKEY_METHOD *dhx_pkey_method(void);
const EVP_PKEY_METHOD *ossl_dh_pkey_method(void);
const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void);
const EVP_PKEY_METHOD *dsa_pkey_method(void);
const EVP_PKEY_METHOD *ec_pkey_method(void);
const EVP_PKEY_METHOD *ecx25519_pkey_method(void);

4
providers/implementations/encode_decode/encode_key2text.c
View File

@ -23,7 +23,7 @@
#include <openssl/proverr.h>
#include "internal/ffc.h"
#include "crypto/bn.h" /* bn_get_words() */
#include "crypto/dh.h" /* dh_get0_params() */
#include "crypto/dh.h" /* ossl_dh_get0_params() */
#include "crypto/dsa.h" /* dsa_get0_params() */
#include "crypto/ec.h" /* ec_key_get_libctx */
#include "crypto/ecx.h" /* ECX_KEY, etc... */
@ -245,7 +245,7 @@ static int dh_to_text(BIO *out, const void *key, int selection)
}
}
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
params = dh_get0_params((DH *)dh);
params = ossl_dh_get0_params((DH *)dh);
if (params == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_NOT_PARAMETERS);
return 0;

14
providers/implementations/exchange/dh_exch.c
View File

@ -180,13 +180,13 @@ static int dh_X9_42_kdf_derive(void *vpdhctx, unsigned char *secret,
/* Do KDF stuff */
if (pdhctx->kdf_type == PROV_DH_KDF_X9_42_ASN1) {
if (!dh_KDF_X9_42_asn1(secret, pdhctx->kdf_outlen,
stmp, stmplen,
pdhctx->kdf_cekalg,
pdhctx->kdf_ukm,
pdhctx->kdf_ukmlen,
pdhctx->kdf_md,
pdhctx->libctx, NULL))
if (!ossl_dh_kdf_X9_42_asn1(secret, pdhctx->kdf_outlen,
stmp, stmplen,
pdhctx->kdf_cekalg,
pdhctx->kdf_ukm,
pdhctx->kdf_ukmlen,
pdhctx->kdf_md,
pdhctx->libctx, NULL))
goto err;
}
*secretlen = pdhctx->kdf_outlen;

54
providers/implementations/keymgmt/dh_kmgmt.c
View File

@ -91,7 +91,7 @@ static int dh_gen_type_name2id_w_default(const char *name, int type)
#endif
}
return dh_gen_type_name2id(name);
return ossl_dh_gen_type_name2id(name);
}
static void *dh_newdata(void *provctx)
@ -99,7 +99,7 @@ static void *dh_newdata(void *provctx)
DH *dh = NULL;
if (ossl_prov_is_running()) {
dh = dh_new_ex(PROV_LIBCTX_OF(provctx));
dh = ossl_dh_new_ex(PROV_LIBCTX_OF(provctx));
if (dh != NULL) {
DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
DH_set_flags(dh, DH_FLAG_TYPE_DH);
@ -112,7 +112,7 @@ static void *dhx_newdata(void *provctx)
{
DH *dh = NULL;
dh = dh_new_ex(PROV_LIBCTX_OF(provctx));
dh = ossl_dh_new_ex(PROV_LIBCTX_OF(provctx));
if (dh != NULL) {
DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
DH_set_flags(dh, DH_FLAG_TYPE_DHX);
@ -158,8 +158,8 @@ static int dh_match(const void *keydata1, const void *keydata2, int selection)
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
ok = ok && BN_cmp(DH_get0_priv_key(dh1), DH_get0_priv_key(dh2)) == 0;
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
FFC_PARAMS *dhparams1 = dh_get0_params((DH *)dh1);
FFC_PARAMS *dhparams2 = dh_get0_params((DH *)dh2);
FFC_PARAMS *dhparams1 = ossl_dh_get0_params((DH *)dh1);
FFC_PARAMS *dhparams2 = ossl_dh_get0_params((DH *)dh2);
ok = ok && ossl_ffc_params_cmp(dhparams1, dhparams2, 1);
}
@ -178,10 +178,10 @@ static int dh_import(void *keydata, int selection, const OSSL_PARAM params[])
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
ok = ok && dh_params_fromdata(dh, params);
ok = ok && ossl_dh_params_fromdata(dh, params);
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
ok = ok && dh_key_fromdata(dh, params);
ok = ok && ossl_dh_key_fromdata(dh, params);
return ok;
}
@ -202,9 +202,9 @@ static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
ok = ok && dh_params_todata(dh, tmpl, NULL);
ok = ok && ossl_dh_params_todata(dh, tmpl, NULL);
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
ok = ok && dh_key_todata(dh, tmpl, NULL);
ok = ok && ossl_dh_key_todata(dh, tmpl, NULL);
if (!ok
|| (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) {
@ -295,14 +295,14 @@ static ossl_inline int dh_get_params(void *key, OSSL_PARAM params[])
if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) {
if (p->data_type != OSSL_PARAM_OCTET_STRING)
return 0;
p->return_size = dh_key2buf(dh, (unsigned char **)&p->data,
p->data_size, 0);
p->return_size = ossl_dh_key2buf(dh, (unsigned char **)&p->data,
p->data_size, 0);
if (p->return_size == 0)
return 0;
}
return dh_params_todata(dh, NULL, params)
&& dh_key_todata(dh, NULL, params);
return ossl_dh_params_todata(dh, NULL, params)
&& ossl_dh_key_todata(dh, NULL, params);
}
static const OSSL_PARAM dh_params[] = {
@ -339,7 +339,7 @@ static int dh_set_params(void *key, const OSSL_PARAM params[])
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
if (p != NULL
&& (p->data_type != OSSL_PARAM_OCTET_STRING
|| !dh_buf2key(dh, p->data, p->data_size)))
|| !ossl_dh_buf2key(dh, p->data, p->data_size)))
return 0;
return 1;
@ -357,7 +357,7 @@ static int dh_validate_public(const DH *dh, int checktype)
/* The partial test is only valid for named group's with q = (p - 1) / 2 */
if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK
&& ossl_dh_is_named_safe_prime_group(dh))
return dh_check_pub_key_partial(dh, pub_key, &res);
return ossl_dh_check_pub_key_partial(dh, pub_key, &res);
return DH_check_pub_key(dh, pub_key, &res);
}
@ -370,7 +370,7 @@ static int dh_validate_private(const DH *dh)
DH_get0_key(dh, NULL, &priv_key);
if (priv_key == NULL)
return 0;
return dh_check_priv_key(dh, priv_key, &status);;
return ossl_dh_check_priv_key(dh, priv_key, &status);;
}
static int dh_validate(const void *keydata, int selection, int checktype)
@ -404,7 +404,7 @@ static int dh_validate(const void *keydata, int selection, int checktype)
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR)
== OSSL_KEYMGMT_SELECT_KEYPAIR)
ok = ok && dh_check_pairwise(dh);
ok = ok && ossl_dh_check_pairwise(dh);
return ok;
}
@ -461,7 +461,7 @@ static int dh_gen_set_template(void *genctx, void *templ)
if (!ossl_prov_is_running() || gctx == NULL || dh == NULL)
return 0;
gctx->ffc_params = dh_get0_params(dh);
gctx->ffc_params = ossl_dh_get0_params(dh);
return 1;
}
@ -492,8 +492,7 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[])
if (p != NULL) {
if (p->data_type != OSSL_PARAM_UTF8_STRING
|| ((gctx->gen_type =
dh_gen_type_name2id_w_default(p->data,
gctx->dh_type)) == -1)) {
dh_gen_type_name2id_w_default(p->data, gctx->dh_type)) == -1)) {
ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
return 0;
}
@ -606,18 +605,18 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
&& gctx->ffc_params == NULL) {
/* Select a named group if there is not one already */
if (gctx->group_nid == NID_undef)
gctx->group_nid = dh_get_named_group_uid_from_size(gctx->pbits);
gctx->group_nid = ossl_dh_get_named_group_uid_from_size(gctx->pbits);
if (gctx->group_nid == NID_undef)
return NULL;
dh = dh_new_by_nid_ex(gctx->libctx, gctx->group_nid);
dh = ossl_dh_new_by_nid_ex(gctx->libctx, gctx->group_nid);
if (dh == NULL)
return NULL;
ffc = dh_get0_params(dh);
ffc = ossl_dh_get0_params(dh);
} else {
dh = dh_new_ex(gctx->libctx);
dh = ossl_dh_new_ex(gctx->libctx);
if (dh == NULL)
return NULL;
ffc = dh_get0_params(dh);
ffc = ossl_dh_get0_params(dh);
/* Copy the template value if one was passed */
if (gctx->ffc_params != NULL
@ -653,8 +652,9 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
ret = DH_generate_parameters_ex(dh, gctx->pbits,
gctx->generator, gencb);
else
ret = dh_generate_ffc_parameters(dh, gctx->gen_type, gctx->pbits,
gctx->qbits, gencb);
ret = ossl_dh_generate_ffc_parameters(dh, gctx->gen_type,
gctx->pbits, gctx->qbits,
gencb);
if (ret <= 0)
goto end;
}

8
test/ffc_internal_test.c
View File

@ -435,7 +435,7 @@ err:
return ret;
}
extern FFC_PARAMS *dh_get0_params(DH *dh);
extern FFC_PARAMS *ossl_dh_get0_params(DH *dh);
static int ffc_public_validate_test(void)
{
@ -449,7 +449,7 @@ static int ffc_public_validate_test(void)
if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
goto err;
params = dh_get0_params(dh);
params = ossl_dh_get0_params(dh);
if (!TEST_true(BN_set_word(pub, 1)))
goto err;
@ -528,7 +528,7 @@ static int ffc_private_validate_test(void)
if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
goto err;
params = dh_get0_params(dh);
params = ossl_dh_get0_params(dh);
if (!TEST_true(BN_set_word(priv, 1)))
goto err;
@ -589,7 +589,7 @@ static int ffc_private_gen_test(int index)
if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
goto err;
params = dh_get0_params(dh);
params = ossl_dh_get0_params(dh);
N = BN_num_bits(params->q);
/* Fail since N < 2*s - where s = 112*/