Use EVP_PKEY_X25519, EVP_PKEY_ED25519 instead of NIDs where appropriate.

Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
2025-03-31 20:10:45 +08:00 · 2017-06-20 16:32:44 +01:00 · 2017-06-20 16:32:44 +01:00 · d2916a5b29
commit d2916a5b29
parent 29b0cab017
7 changed files with 23 additions and 20 deletions
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@ -78,7 +78,7 @@ static int ecx_key_op(EVP_PKEY *pkey, int id, const X509_ALGOR *palg,
                OPENSSL_free(xkey);
                return 0;
            }
-            if (id == NID_X25519) {
+            if (id == EVP_PKEY_X25519) {
                xkey->privkey[0] &= 248;
                xkey->privkey[31] &= 127;
                xkey->privkey[31] |= 64;
@ -86,7 +86,7 @@ static int ecx_key_op(EVP_PKEY *pkey, int id, const X509_ALGOR *palg,
        } else {
            memcpy(xkey->privkey, p, X25519_KEYLEN);
        }
-        if (id == NID_X25519)
+        if (id == EVP_PKEY_X25519)
            X25519_public_from_private(xkey->pubkey, xkey->privkey);
        else
            ED25519_public_from_private(xkey->pubkey, xkey->privkey);
@ -282,7 +282,8 @@ static int ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
    switch (op) {

    case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
-        return ecx_key_op(pkey, NID_X25519, NULL, arg2, arg1, X25519_PUBLIC);
+        return ecx_key_op(pkey, EVP_PKEY_X25519, NULL, arg2, arg1,
+                          X25519_PUBLIC);

    case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
        if (pkey->pkey.ptr != NULL) {
@ -305,8 +306,8 @@ static int ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 }

 const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = {
-    NID_X25519,
-    NID_X25519,
+    EVP_PKEY_X25519,
+    EVP_PKEY_X25519,
    0,
    "X25519",
    "OpenSSL X25519 algorithm",
@ -380,8 +381,8 @@ static int ecd_sig_info_set(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
 }

 const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = {
-    NID_ED25519,
-    NID_ED25519,
+    EVP_PKEY_ED25519,
+    EVP_PKEY_ED25519,
    0,
    "ED25519",
    "OpenSSL ED25519 algorithm",
@ -451,7 +452,7 @@ static int pkey_ecx_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 }

 const EVP_PKEY_METHOD ecx25519_pkey_meth = {
-    NID_X25519,
+    EVP_PKEY_X25519,
    0, 0, 0, 0, 0, 0, 0,
    pkey_ecx_keygen,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@ -510,7 +511,7 @@ static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 }

 const EVP_PKEY_METHOD ed25519_pkey_meth = {
-    NID_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
+    EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
    0, 0, 0, 0, 0, 0,
    pkey_ecx_keygen,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
--- a/crypto/x509/x509type.c
+++ b/crypto/x509/x509type.c
@ -41,7 +41,7 @@ int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey)
    case EVP_PKEY_EC:
        ret = EVP_PK_EC | EVP_PKT_SIGN | EVP_PKT_EXCH;
        break;
-    case NID_ED25519:
+    case EVP_PKEY_ED25519:
        ret = EVP_PKT_SIGN;
        break;
    case EVP_PKEY_DH:
--- a/doc/man7/Ed25519.pod
+++ b/doc/man7/Ed25519.pod
@ -31,7 +31,7 @@ or X509_sign_ctx() in the usual way.

 A context for the B<Ed25519> algorithm can be obtained by calling:

- EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL);
+ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL);

 =head1 EXAMPLE

@ -42,7 +42,7 @@ output in PEM format:
 #include <openssl/pem.h>
 ...
 EVP_PKEY *pkey = NULL;
- EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL);
+ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL);
 EVP_PKEY_keygen_init(pctx);
 EVP_PKEY_keygen(pctx, &pkey);
 EVP_PKEY_CTX_free(pctx);
--- a/doc/man7/X25519.pod
+++ b/doc/man7/X25519.pod
@ -19,7 +19,7 @@ performing key derivation.

 A context for the B<X25519> algorithm can be obtained by calling:

- EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(NID_X25519, NULL);
+ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL);

 =head1 EXAMPLE

@ -30,7 +30,7 @@ output in PEM format:
 #include <openssl/pem.h>
 ...
 EVP_PKEY *pkey = NULL;
- EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(NID_X25519, NULL);
+ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL);
 EVP_PKEY_keygen_init(pctx);
 EVP_PKEY_keygen(pctx, &pkey);
 EVP_PKEY_CTX_free(pctx);
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@ -56,6 +56,8 @@
 # define EVP_PKEY_HKDF   NID_hkdf
 # define EVP_PKEY_POLY1305 NID_poly1305
 # define EVP_PKEY_SIPHASH NID_siphash
+# define EVP_PKEY_X25519 NID_X25519
+# define EVP_PKEY_ED25519 NID_ED25519

 #ifdef  __cplusplus
 extern "C" {
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@ -1251,7 +1251,7 @@ int ssl_cert_type(const X509 *x, const EVP_PKEY *pk)
 #ifndef OPENSSL_NO_EC
    case EVP_PKEY_EC:
        return SSL_PKEY_ECC;
-    case NID_ED25519:
+    case EVP_PKEY_ED25519:
        return SSL_PKEY_ED25519;
 #endif
 #ifndef OPENSSL_NO_GOST
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -169,7 +169,7 @@ static const tls_curve_info nid_list[] = {
    {NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */
    {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */
    {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */
-    {NID_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */
+    {EVP_PKEY_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */
 };

 static const unsigned char ecformats_default[] = {
@ -719,7 +719,7 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
     NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
     NID_ecdsa_with_SHA512, NID_secp521r1},
    {"ed25519", TLSEXT_SIGALG_ed25519,
-     NID_undef, -1, NID_ED25519, SSL_PKEY_ED25519,
+     NID_undef, -1, EVP_PKEY_ED25519, SSL_PKEY_ED25519,
     NID_undef, NID_undef},
    {NULL, TLSEXT_SIGALG_ecdsa_sha224,
     NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
@ -1418,7 +1418,7 @@ static int tls12_get_pkey_idx(int sig_nid)
 #ifndef OPENSSL_NO_EC
    case EVP_PKEY_EC:
        return SSL_PKEY_ECC;
-    case NID_ED25519:
+    case EVP_PKEY_ED25519:
        return SSL_PKEY_ED25519;
 #endif
 #ifndef OPENSSL_NO_GOST
@ -1498,7 +1498,7 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
            break;
 #endif
 #ifndef OPENSSL_NO_EC
-        case NID_ED25519:
+        case EVP_PKEY_ED25519:
        case EVP_PKEY_EC:
            if (!have_ecdsa && tls12_sigalg_allowed(s, op, lu))
                have_ecdsa = 1;
@ -2427,7 +2427,7 @@ int tls_choose_sigalg(SSL *s, int *al)
                    if (lu->sig_idx == idx
                        && (curve == -1 || lu->curve == curve))
                        break;
-                    if (idx == SSL_PKEY_ECC && lu->sig == NID_ED25519) {
+                    if (idx == SSL_PKEY_ECC && lu->sig == EVP_PKEY_ED25519) {
                        idx = SSL_PKEY_ED25519;
                        break;
                    }