Hide ECX_KEY again

ECX_KEY was not meant for public consumption; it was only to be
accessed indirectly via EVP routines.  However, we still need internal
access for our decoders.

This partially reverts 7c664b1f1b

Fixes #12880

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12956)
Richard Levitte 2020-09-25 12:12:22 +10:00 committed by Shane Lontis
parent 21e5be854d
commit 25b16562d3
8 changed files with 66 additions and 102 deletions


@ -870,15 +870,7 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
return ret;
}
static int EVP_PKEY_set1_ECX_KEY(EVP_PKEY *pkey, int type, ECX_KEY *key)
{
int ret = EVP_PKEY_assign(pkey, type, key);
if (ret)
ecx_key_up_ref(key);
return ret;
}
static ECX_KEY *EVP_PKEY_get0_ECX_KEY(const EVP_PKEY *pkey, int type)
static ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type)
{
if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) {
ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY);
@ -891,26 +883,18 @@ static ECX_KEY *EVP_PKEY_get0_ECX_KEY(const EVP_PKEY *pkey, int type)
return pkey->pkey.ecx;
}
static ECX_KEY *EVP_PKEY_get1_ECX_KEY(EVP_PKEY *pkey, int type)
static ECX_KEY *evp_pkey_get1_ECX_KEY(EVP_PKEY *pkey, int type)
{
ECX_KEY *ret = EVP_PKEY_get0_ECX_KEY(pkey, type);
ECX_KEY *ret = evp_pkey_get0_ECX_KEY(pkey, type);
if (ret != NULL)
ecx_key_up_ref(ret);
return ret;
}
# define IMPLEMENT_ECX_VARIANT(NAME) \
int EVP_PKEY_set1_##NAME(EVP_PKEY *pkey, ECX_KEY *key) \
ECX_KEY *evp_pkey_get1_##NAME(EVP_PKEY *pkey) \
{ \
return EVP_PKEY_set1_ECX_KEY(pkey, EVP_PKEY_##NAME, key); \
} \
ECX_KEY *EVP_PKEY_get0_##NAME(const EVP_PKEY *pkey) \
{ \
return EVP_PKEY_get0_ECX_KEY(pkey, EVP_PKEY_##NAME); \
} \
ECX_KEY *EVP_PKEY_get1_##NAME(EVP_PKEY *pkey) \
{ \
return EVP_PKEY_get1_ECX_KEY(pkey, EVP_PKEY_##NAME); \
return evp_pkey_get1_ECX_KEY(pkey, EVP_PKEY_##NAME); \
}
IMPLEMENT_ECX_VARIANT(X25519)
IMPLEMENT_ECX_VARIANT(X448)
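Review bot: The renamed evp_pkey_get1_ECX_KEY still ignores the result of ecx_key_up_ref on the line after the NULL check, so if the reference bump fails the function hands back a key that the new internal manual tells the caller to free, which would release a reference the caller never acquired. Assuming ecx_key_up_ref reports failure by returning 0 like the other OpenSSL *_up_ref helpers, the body should become `if (ret != NULL && !ecx_key_up_ref(ret)) return NULL;` before `return ret;`. The IMPLEMENT_ECX_VARIANT macro now emits internal getters with no ownership comment in the C file; a line above the macro such as `/* Internal get1 getters: the returned ECX_KEY carries a new reference that the caller must release with ecx_key_free() */` would make the contract visible where the functions are generated. The hunk covering evp_pkey_get0_ECX_KEY is cut at its start, so its error path before the second hunk header is not fully visible here.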


@ -0,0 +1,43 @@
=pod
=head1 NAME
evp_pkey_get1_ED25519, evp_pkey_get1_ED448,
evp_pkey_get1_X25519, evp_pkey_get1_X448
- internal ECX from EVP_PKEY getter functions
=head1 SYNOPSIS
#include "internal/evp.h"
ECX_KEY *evp_pkey_get1_ED25519(EVP_PKEY *pkey);
ECX_KEY *evp_pkey_get1_ED448(EVP_PKEY *pkey);
ECX_KEY *evp_pkey_get1_X25519(EVP_PKEY *pkey);
ECX_KEY *evp_pkey_get1_X448(EVP_PKEY *pkey);
=head1 DESCRIPTION
evp_pkey_get1_ED25519(), evp_pkey_get1_ED448(), evp_pkey_get1_X25519() and
evp_pkey_get1_X448() return the referenced key in I<pkey> or NULL if the key
is not of the correct type. The returned key must be freed after use.
=head1 RETURN VALUES
evp_pkey_get1_ED25519(), evp_pkey_get1_ED448(), evp_pkey_get1_X25519() and
evp_pkey_get1_X448() return the referenced key or NULL if an error
occurred.
=head1 HISTORY
This functionality was added to OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use this
file except in compliance with the License. You can obtain a copy in the file
LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut


@ -3,18 +3,10 @@
=head1 NAME
EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
EVP_PKEY_set1_ED25519, EVP_PKEY_set1_ED448,
EVP_PKEY_set1_X25519, EVP_PKEY_set1_X448,
EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
EVP_PKEY_get1_ED25519, EVP_PKEY_get1_ED448,
EVP_PKEY_get1_X25519, EVP_PKEY_get1_X448,
EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
EVP_PKEY_get0_ED25519, EVP_PKEY_get0_ED448,
EVP_PKEY_get0_X25519, EVP_PKEY_get0_X448,
EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH,
EVP_PKEY_assign_ED25519, EVP_PKEY_assign_ED448,
EVP_PKEY_assign_X25519, EVP_PKEY_assign_X448,
EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash,
EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type,
EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions
@ -27,19 +19,11 @@ EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions
int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key);
int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
int EVP_PKEY_set1_ED25519(EVP_PKEY *pkey, ECX_KEY *key);
int EVP_PKEY_set1_ED448(EVP_PKEY *pkey, ECX_KEY *key);
int EVP_PKEY_set1_X25519(EVP_PKEY *pkey, ECX_KEY *key);
int EVP_PKEY_set1_X448(EVP_PKEY *pkey, ECX_KEY *key);
RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
ECX_KEY *EVP_PKEY_get1_ED25519(EVP_PKEY *pkey);
ECX_KEY *EVP_PKEY_get1_ED448(EVP_PKEY *pkey);
ECX_KEY *EVP_PKEY_get1_X25519(EVP_PKEY *pkey);
ECX_KEY *EVP_PKEY_get1_X448(EVP_PKEY *pkey);
const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
@ -48,19 +32,11 @@ EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions
DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
ECX_KEY *EVP_PKEY_get0_ED25519(EVP_PKEY *pkey);
ECX_KEY *EVP_PKEY_get0_ED448(EVP_PKEY *pkey);
ECX_KEY *EVP_PKEY_get0_X25519(EVP_PKEY *pkey);
ECX_KEY *EVP_PKEY_get0_X448(EVP_PKEY *pkey);
int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
int EVP_PKEY_assign_ED25519(EVP_PKEY *pkey, ECX_KEY *key);
int EVP_PKEY_assign_ED448(EVP_PKEY *pkey, ECX_KEY *key);
int EVP_PKEY_assign_X25519(EVP_PKEY *pkey, ECX_KEY *key);
int EVP_PKEY_assign_X448(EVP_PKEY *pkey, ECX_KEY *key);
int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
@ -74,28 +50,21 @@ EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions
=head1 DESCRIPTION
EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH(),
EVP_PKEY_set1_EC_KEY(), EVP_PKEY_set1_ED25519(), EVP_PKEY_set1_ED448(),
EVP_PKEY_set1_X25519() and EVP_PKEY_set1_X448() set the key referenced by
I<pkey> to I<key>.
EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
EVP_PKEY_set1_EC_KEY() set the key referenced by I<pkey> to I<key>.
EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
EVP_PKEY_get1_EC_KEY(), EVP_PKEY_get1_ED25519(), EVP_PKEY_get1_ED448(),
EVP_PKEY_get1_X25519() and EVP_PKEY_get1_X448() return the referenced key in
I<pkey> or NULL if the key is not of the correct type. The returned key must
be freed after use.
EVP_PKEY_get1_EC_KEY() return the referenced key in I<pkey> or NULL if the
key is not of the correct type. The returned key must be freed after use.
EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(),
EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH(),
EVP_PKEY_get0_EC_KEY(), EVP_PKEY_get0_ED25519(), EVP_PKEY_get0_ED448(),
EVP_PKEY_get0_X25519() and EVP_PKEY_get0_X448() return the referenced
key in I<pkey> or NULL if the key is not of the correct type but the
reference count of the returned key is B<not> incremented and so must not be
freed after use.
EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() and
EVP_PKEY_get0_EC_KEY() return the referenced key in I<pkey> or NULL if the
key is not of the correct type but the reference count of the returned key
is B<not> incremented and so must not be freed after use.
EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_ED25519(), EVP_PKEY_assign_ED448(),
EVP_PKEY_assign_X25519(), EVP_PKEY_assign_X448(), EVP_PKEY_assign_POLY1305() and
EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and
EVP_PKEY_assign_SIPHASH() set the referenced key to I<key> however these use
the supplied I<key> internally and so I<key> will be freed when the parent
I<pkey> is freed.


@ -111,10 +111,15 @@ int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],
void X448_public_from_private(uint8_t out_public_value[56],
const uint8_t private_key[56]);
/* Backend support */
int ecx_public_from_private(ECX_KEY *key);
int ecx_key_fromdata(ECX_KEY *ecx, const OSSL_PARAM params[],
int include_private);
ECX_KEY *evp_pkey_get1_X25519(EVP_PKEY *pkey);
ECX_KEY *evp_pkey_get1_X448(EVP_PKEY *pkey);
ECX_KEY *evp_pkey_get1_ED25519(EVP_PKEY *pkey);
ECX_KEY *evp_pkey_get1_ED448(EVP_PKEY *pkey);
# endif /* OPENSSL_NO_EC */
#endif
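Review bot: The four evp_pkey_get1_* prototypes are added to this ECX backend header, but the new internal manual page in the same commit gives `#include "internal/evp.h"` in its SYNOPSIS, so the documentation points readers at a header that does not declare these functions. Either the SYNOPSIS should name this header or the prototypes should live in the header the manual names; keeping the two in agreement matters because internal callers will copy whichever include the manual shows. Separately, the new prototypes take `EVP_PKEY *`, and this hunk does not show whether anything already included here declares that type; if not, an include or an opaque forward declaration is needed above them. The enclosing `# ifndef OPENSSL_NO_EC` block starts outside the hunk.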


@ -465,14 +465,6 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
# ifndef OPENSSL_NO_EC
# define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
(eckey))
# define EVP_PKEY_assign_X25519(pkey,ecxkey) EVP_PKEY_assign((pkey),EVP_PKEY_X25519,\
(ecxkey))
# define EVP_PKEY_assign_X448(pkey,ecxkey) EVP_PKEY_assign((pkey),EVP_PKEY_X448,\
(ecxkey))
# define EVP_PKEY_assign_ED25519(pkey,ecxkey) EVP_PKEY_assign((pkey),EVP_PKEY_ED25519,\
(ecxkey))
# define EVP_PKEY_assign_ED448(pkey,ecxkey) EVP_PKEY_assign((pkey),EVP_PKEY_ED448,\
(ecxkey))
# endif
# ifndef OPENSSL_NO_SIPHASH
# define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),\
@ -1241,19 +1233,6 @@ struct ec_key_st;
int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
struct ec_key_st *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
struct ecx_key_st;
int EVP_PKEY_set1_X25519(EVP_PKEY *pkey, struct ecx_key_st *key);
struct ecx_key_st *EVP_PKEY_get0_X25519(const EVP_PKEY *pkey);
struct ecx_key_st *EVP_PKEY_get1_X25519(EVP_PKEY *pkey);
int EVP_PKEY_set1_X448(EVP_PKEY *pkey, struct ecx_key_st *key);
struct ecx_key_st *EVP_PKEY_get0_X448(const EVP_PKEY *pkey);
struct ecx_key_st *EVP_PKEY_get1_X448(EVP_PKEY *pkey);
int EVP_PKEY_set1_ED25519(EVP_PKEY *pkey, struct ecx_key_st *key);
struct ecx_key_st *EVP_PKEY_get0_ED25519(const EVP_PKEY *pkey);
struct ecx_key_st *EVP_PKEY_get1_ED25519(EVP_PKEY *pkey);
int EVP_PKEY_set1_ED448(EVP_PKEY *pkey, struct ecx_key_st *key);
struct ecx_key_st *EVP_PKEY_get0_ED448(const EVP_PKEY *pkey);
struct ecx_key_st *EVP_PKEY_get1_ED448(EVP_PKEY *pkey);
# endif
EVP_PKEY *EVP_PKEY_new(void);


@ -304,12 +304,12 @@ IMPLEMENT_NEWCTX("DSA", DSA, dsa, EVP_PKEY_get1_DSA, DSA_free);
#ifndef OPENSSL_NO_EC
IMPLEMENT_NEWCTX("EC", EC, ec, EVP_PKEY_get1_EC_KEY, EC_KEY_free);
IMPLEMENT_NEWCTX("X25519", X25519, x25519,
EVP_PKEY_get1_X25519, ecx_key_free);
evp_pkey_get1_X25519, ecx_key_free);
IMPLEMENT_NEWCTX("X448", X448, x448,
EVP_PKEY_get1_X448, ecx_key_free);
evp_pkey_get1_X448, ecx_key_free);
IMPLEMENT_NEWCTX("ED25519", ED25519, ed25519,
EVP_PKEY_get1_ED25519, ecx_key_free);
IMPLEMENT_NEWCTX("ED448", ED448, ed448, EVP_PKEY_get1_ED448, ecx_key_free);
evp_pkey_get1_ED25519, ecx_key_free);
IMPLEMENT_NEWCTX("ED448", ED448, ed448, evp_pkey_get1_ED448, ecx_key_free);
#endif
IMPLEMENT_NEWCTX("RSA", RSA, rsa, EVP_PKEY_get1_RSA, RSA_free);
IMPLEMENT_NEWCTX("RSA-PSS", RSA_PSS, rsapss, EVP_PKEY_get1_RSA, RSA_free);


@ -5165,18 +5165,6 @@ ERR_load_OSSL_DECODER_strings ? 3_0_0 EXIST::FUNCTION:
OSSL_DECODER_gettable_params ? 3_0_0 EXIST::FUNCTION:
OSSL_DECODER_get_params ? 3_0_0 EXIST::FUNCTION:
OSSL_DECODER_CTX_new_by_EVP_PKEY ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_set1_X25519 ? 3_0_0 EXIST::FUNCTION:EC
EVP_PKEY_get0_X25519 ? 3_0_0 EXIST::FUNCTION:EC
EVP_PKEY_get1_X25519 ? 3_0_0 EXIST::FUNCTION:EC
EVP_PKEY_set1_X448 ? 3_0_0 EXIST::FUNCTION:EC
EVP_PKEY_get0_X448 ? 3_0_0 EXIST::FUNCTION:EC
EVP_PKEY_get1_X448 ? 3_0_0 EXIST::FUNCTION:EC
EVP_PKEY_set1_ED25519 ? 3_0_0 EXIST::FUNCTION:EC
EVP_PKEY_get0_ED25519 ? 3_0_0 EXIST::FUNCTION:EC
EVP_PKEY_get1_ED25519 ? 3_0_0 EXIST::FUNCTION:EC
EVP_PKEY_set1_ED448 ? 3_0_0 EXIST::FUNCTION:EC
EVP_PKEY_get0_ED448 ? 3_0_0 EXIST::FUNCTION:EC
EVP_PKEY_get1_ED448 ? 3_0_0 EXIST::FUNCTION:EC
OSSL_DECODER_CTX_set_construct ? 3_0_0 EXIST::FUNCTION:
OSSL_DECODER_CTX_set_construct_data ? 3_0_0 EXIST::FUNCTION:
OSSL_DECODER_CTX_set_cleanup ? 3_0_0 EXIST::FUNCTION:


@ -304,10 +304,6 @@ EVP_PKEY_CTX_set_tls1_prf_md define
EVP_PKEY_assign_DH define
EVP_PKEY_assign_DSA define
EVP_PKEY_assign_EC_KEY define
EVP_PKEY_assign_ED25519 define
EVP_PKEY_assign_ED448 define
EVP_PKEY_assign_X25519 define
EVP_PKEY_assign_X448 define
EVP_PKEY_assign_POLY1305 define
EVP_PKEY_assign_RSA define
EVP_PKEY_assign_SIPHASH define