From 19dbb742cdf68d8ada6338a025491a3b46b9ebe1 Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Thu, 18 Feb 2021 15:56:53 +1000 Subject: [PATCH] Fix external symbols related to dh keys Partial fix for #12964 This adds ossl_ names for the following symbols: dh_new_by_nid_ex, dh_new_ex, dh_generate_ffc_parameters, dh_generate_public_key, dh_get_named_group_uid_from_size, dh_gen_type_id2name, dh_gen_type_name2id, dh_cache_named_group, dh_get0_params, dh_get0_nid, dh_params_fromdata, dh_key_fromdata, dh_params_todata, dh_key_todata, dh_check_pub_key_partial, dh_check_priv_key, dh_check_pairwise, dh_get_method, dh_buf2key, dh_key2buf, dh_KDF_X9_42_asn1, dh_pkey_method, dhx_pkey_method Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14231) --- crypto/dh/dh_ameth.c | 12 +-- crypto/dh/dh_asn1.c | 2 +- crypto/dh/dh_backend.c | 14 +-- crypto/dh/dh_check.c | 8 +- crypto/dh/dh_gen.c | 10 +- crypto/dh/dh_group_params.c | 8 +- crypto/dh/dh_kdf.c | 15 +-- crypto/dh/dh_key.c | 11 ++- crypto/dh/dh_lib.c | 10 +- crypto/dh/dh_pmeth.c | 4 +- crypto/dsa/dsa_lib.c | 2 +- crypto/evp/dh_support.c | 4 +- crypto/evp/pmeth_lib.c | 97 ++++++++++++++++++- include/crypto/dh.h | 65 +++++++------ include/crypto/evp.h | 4 +- .../encode_decode/encode_key2text.c | 4 +- providers/implementations/exchange/dh_exch.c | 14 +-- providers/implementations/keymgmt/dh_kmgmt.c | 54 +++++------ test/ffc_internal_test.c | 8 +- 19 files changed, 221 insertions(+), 125 deletions(-) diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 1cf692ee13..338f308934 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -433,9 +433,9 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) { switch (op) { case ASN1_PKEY_CTRL_SET1_TLS_ENCPT: - return dh_buf2key(EVP_PKEY_get0_DH(pkey), arg2, arg1); + return ossl_dh_buf2key(EVP_PKEY_get0_DH(pkey), arg2, arg1); case ASN1_PKEY_CTRL_GET1_TLS_ENCPT: - return dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2, 0, 1); + return ossl_dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2, 0, 1); default: return -2; } @@ -492,7 +492,7 @@ static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata, * If the DH method is foreign, then we can't be sure of anything, and * can therefore not export or pretend to export. */ - if (dh_get_method(dh) != DH_OpenSSL()) + if (ossl_dh_get_method(dh) != DH_OpenSSL()) return 0; if (p == NULL || g == NULL) @@ -543,7 +543,7 @@ static int dh_pkey_import_from_type(const OSSL_PARAM params[], void *vpctx, { EVP_PKEY_CTX *pctx = vpctx; EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx); - DH *dh = dh_new_ex(pctx->libctx); + DH *dh = ossl_dh_new_ex(pctx->libctx); if (dh == NULL) { ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); @@ -552,8 +552,8 @@ static int dh_pkey_import_from_type(const OSSL_PARAM params[], void *vpctx, DH_clear_flags(dh, DH_FLAG_TYPE_MASK); DH_set_flags(dh, type == EVP_PKEY_DH ? DH_FLAG_TYPE_DH : DH_FLAG_TYPE_DHX); - if (!dh_params_fromdata(dh, params) - || !dh_key_fromdata(dh, params) + if (!ossl_dh_params_fromdata(dh, params) + || !ossl_dh_key_fromdata(dh, params) || !EVP_PKEY_assign(pkey, type, dh)) { DH_free(dh); return 0; diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c index 68013219e7..5c8af108f5 100644 --- a/crypto/dh/dh_asn1.c +++ b/crypto/dh/dh_asn1.c @@ -39,7 +39,7 @@ static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, DH_clear_flags(dh, DH_FLAG_TYPE_MASK); DH_set_flags(dh, DH_FLAG_TYPE_DH); - dh_cache_named_group(dh); + ossl_dh_cache_named_group(dh); dh->dirty_cnt++; } return 1; diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c index 41de7b9006..c848cb4870 100644 --- a/crypto/dh/dh_backend.c +++ b/crypto/dh/dh_backend.c @@ -30,17 +30,17 @@ static int dh_ffc_params_fromdata(DH *dh, const OSSL_PARAM params[]) if (dh == NULL) return 0; - ffc = dh_get0_params(dh); + ffc = ossl_dh_get0_params(dh); if (ffc == NULL) return 0; ret = ossl_ffc_params_fromdata(ffc, params); if (ret) - dh_cache_named_group(dh); /* This increments dh->dirty_cnt */ + ossl_dh_cache_named_group(dh); /* This increments dh->dirty_cnt */ return ret; } -int dh_params_fromdata(DH *dh, const OSSL_PARAM params[]) +int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[]) { const OSSL_PARAM *param_priv_len; long priv_len; @@ -58,7 +58,7 @@ int dh_params_fromdata(DH *dh, const OSSL_PARAM params[]) return 1; } -int dh_key_fromdata(DH *dh, const OSSL_PARAM params[]) +int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[]) { const OSSL_PARAM *param_priv_key, *param_pub_key; BIGNUM *priv_key = NULL, *pub_key = NULL; @@ -86,11 +86,11 @@ int dh_key_fromdata(DH *dh, const OSSL_PARAM params[]) return 0; } -int dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) +int ossl_dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) { long l = DH_get_length(dh); - if (!ossl_ffc_params_todata(dh_get0_params(dh), bld, params)) + if (!ossl_ffc_params_todata(ossl_dh_get0_params(dh), bld, params)) return 0; if (l > 0 && !ossl_param_build_set_long(bld, params, OSSL_PKEY_PARAM_DH_PRIV_LEN, l)) @@ -98,7 +98,7 @@ int dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) return 1; } -int dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) +int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) { const BIGNUM *priv = NULL, *pub = NULL; diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 5cbbdbf8c5..90697340f7 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -243,12 +243,12 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) * To only be used with ephemeral FFC public keys generated using the approved * safe-prime groups. */ -int dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret) +int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret) { return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret); } -int dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret) +int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret) { int ok = 0; BIGNUM *two_powN = NULL, *upper; @@ -281,7 +281,7 @@ err: * FFC pairwise check from SP800-56A R3. * Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency */ -int dh_check_pairwise(const DH *dh) +int ossl_dh_check_pairwise(const DH *dh) { int ret = 0; BN_CTX *ctx = NULL; @@ -301,7 +301,7 @@ int dh_check_pairwise(const DH *dh) goto err; /* recalculate the public key = (g ^ priv) mod p */ - if (!dh_generate_public_key(ctx, dh, dh->priv_key, pub_key)) + if (!ossl_dh_generate_public_key(ctx, dh, dh->priv_key, pub_key)) goto err; /* check it matches the existing pubic_key */ ret = BN_cmp(pub_key, dh->pub_key) == 0; diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index bdc0dc79b8..aecf7195d8 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -35,8 +35,8 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); #endif /* FIPS_MODULE */ -int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits, - BN_GENCB *cb) +int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits, + BN_GENCB *cb) { int ret, res; @@ -55,7 +55,7 @@ int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits, return ret; } -int dh_get_named_group_uid_from_size(int pbits) +int ossl_dh_get_named_group_uid_from_size(int pbits) { /* * Just choose an approved safe prime group. @@ -95,12 +95,12 @@ static int dh_gen_named_group(OSSL_LIB_CTX *libctx, DH *ret, int prime_len) { DH *dh; int ok = 0; - int nid = dh_get_named_group_uid_from_size(prime_len); + int nid = ossl_dh_get_named_group_uid_from_size(prime_len); if (nid == NID_undef) return 0; - dh = dh_new_by_nid_ex(libctx, nid); + dh = ossl_dh_new_by_nid_ex(libctx, nid); if (dh != NULL && ossl_ffc_params_copy(&ret->params, &dh->params)) { ok = 1; diff --git a/crypto/dh/dh_group_params.c b/crypto/dh/dh_group_params.c index 0f66d8969d..72082d6f50 100644 --- a/crypto/dh/dh_group_params.c +++ b/crypto/dh/dh_group_params.c @@ -27,7 +27,7 @@ static DH *dh_param_init(OSSL_LIB_CTX *libctx, const DH_NAMED_GROUP *group) { - DH *dh = dh_new_ex(libctx); + DH *dh = ossl_dh_new_ex(libctx); if (dh == NULL) return NULL; @@ -39,7 +39,7 @@ static DH *dh_param_init(OSSL_LIB_CTX *libctx, const DH_NAMED_GROUP *group) return dh; } -DH *dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid) +DH *ossl_dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid) { const DH_NAMED_GROUP *group; @@ -52,10 +52,10 @@ DH *dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid) DH *DH_new_by_nid(int nid) { - return dh_new_by_nid_ex(NULL, nid); + return ossl_dh_new_by_nid_ex(NULL, nid); } -void dh_cache_named_group(DH *dh) +void ossl_dh_cache_named_group(DH *dh) { const DH_NAMED_GROUP *group; diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index ea2cd6386c..e1753b0b69 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -25,11 +25,12 @@ #include /* Key derivation function from X9.63/SECG */ -int dh_KDF_X9_42_asn1(unsigned char *out, size_t outlen, - const unsigned char *Z, size_t Zlen, - const char *cek_alg, - const unsigned char *ukm, size_t ukmlen, const EVP_MD *md, - OSSL_LIB_CTX *libctx, const char *propq) +int ossl_dh_kdf_X9_42_asn1(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const char *cek_alg, + const unsigned char *ukm, size_t ukmlen, + const EVP_MD *md, + OSSL_LIB_CTX *libctx, const char *propq) { int ret = 0; EVP_KDF_CTX *kctx = NULL; @@ -78,7 +79,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, if (key_alg == NULL) return 0; - return dh_KDF_X9_42_asn1(out, outlen, Z, Zlen, key_alg, - ukm, ukmlen, md, libctx, NULL); + return ossl_dh_kdf_X9_42_asn1(out, outlen, Z, Zlen, key_alg, + ukm, ukmlen, md, libctx, NULL); } #endif /* !defined(FIPS_MODULE) */ diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index f8cbbd593b..f282a12b4c 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -210,8 +210,8 @@ int DH_generate_key(DH *dh) #endif } -int dh_generate_public_key(BN_CTX *ctx, const DH *dh, const BIGNUM *priv_key, - BIGNUM *pub_key) +int ossl_dh_generate_public_key(BN_CTX *ctx, const DH *dh, + const BIGNUM *priv_key, BIGNUM *pub_key) { int ret = 0; BIGNUM *prk = BN_new(); @@ -344,7 +344,7 @@ static int generate_key(DH *dh) } } - if (!dh_generate_public_key(ctx, dh, priv_key, pub_key)) + if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key)) goto err; dh->pub_key = pub_key; @@ -363,7 +363,7 @@ static int generate_key(DH *dh) return ok; } -int dh_buf2key(DH *dh, const unsigned char *buf, size_t len) +int ossl_dh_buf2key(DH *dh, const unsigned char *buf, size_t len) { int err_reason = DH_R_BN_ERROR; BIGNUM *pubkey = NULL; @@ -394,7 +394,8 @@ err: return 0; } -size_t dh_key2buf(const DH *dh, unsigned char **pbuf_out, size_t size, int alloc) +size_t ossl_dh_key2buf(const DH *dh, unsigned char **pbuf_out, size_t size, + int alloc) { const BIGNUM *pubkey; unsigned char *pbuf = NULL; diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index e3db7a4929..78b984157d 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -47,7 +47,7 @@ int DH_set_method(DH *dh, const DH_METHOD *meth) return 1; } -const DH_METHOD *dh_get_method(const DH *dh) +const DH_METHOD *ossl_dh_get_method(const DH *dh) { return dh->meth; } @@ -64,7 +64,7 @@ DH *DH_new_method(ENGINE *engine) } #endif /* !FIPS_MODULE */ -DH *dh_new_ex(OSSL_LIB_CTX *libctx) +DH *ossl_dh_new_ex(OSSL_LIB_CTX *libctx) { return dh_new_intern(NULL, libctx); } @@ -230,7 +230,7 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) return 0; ossl_ffc_params_set0_pqg(&dh->params, p, q, g); - dh_cache_named_group(dh); + ossl_dh_cache_named_group(dh); dh->dirty_cnt++; return 1; } @@ -317,11 +317,11 @@ ENGINE *DH_get0_engine(DH *dh) } #endif /*FIPS_MODULE */ -FFC_PARAMS *dh_get0_params(DH *dh) +FFC_PARAMS *ossl_dh_get0_params(DH *dh) { return &dh->params; } -int dh_get0_nid(const DH *dh) +int ossl_dh_get0_nid(const DH *dh) { return dh->params.nid; } diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index 11f30ce702..4a18205a7f 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -509,7 +509,7 @@ static const EVP_PKEY_METHOD dh_pkey_meth = { pkey_dh_ctrl_str }; -const EVP_PKEY_METHOD *dh_pkey_method(void) +const EVP_PKEY_METHOD *ossl_dh_pkey_method(void) { return &dh_pkey_meth; } @@ -548,7 +548,7 @@ static const EVP_PKEY_METHOD dhx_pkey_meth = { pkey_dh_ctrl_str }; -const EVP_PKEY_METHOD *dhx_pkey_method(void) +const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void) { return &dhx_pkey_meth; } diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 7e5be3208d..0c84a6294f 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -52,7 +52,7 @@ DH *DSA_dup_DH(const DSA *r) if (ret == NULL) goto err; - if (!ossl_ffc_params_copy(dh_get0_params(ret), &r->params)) + if (!ossl_ffc_params_copy(ossl_dh_get0_params(ret), &r->params)) goto err; if (r->pub_key != NULL) { diff --git a/crypto/evp/dh_support.c b/crypto/evp/dh_support.c index 212cf908eb..0f33b28122 100644 --- a/crypto/evp/dh_support.c +++ b/crypto/evp/dh_support.c @@ -25,7 +25,7 @@ static const DH_GENTYPE_NAME2ID dhtype2id[]= { "generator", DH_PARAMGEN_TYPE_GENERATOR } }; -const char *dh_gen_type_id2name(int id) +const char *ossl_dh_gen_type_id2name(int id) { size_t i; @@ -36,7 +36,7 @@ const char *dh_gen_type_id2name(int id) return NULL; } -int dh_gen_type_name2id(const char *name) +int ossl_dh_gen_type_name2id(const char *name) { size_t i; diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 500e056479..9499d666bd 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -51,7 +51,7 @@ static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; static pmeth_fn standard_methods[] = { ossl_rsa_pkey_method, # ifndef OPENSSL_NO_DH - dh_pkey_method, + ossl_dh_pkey_method, # endif # ifndef OPENSSL_NO_DSA dsa_pkey_method, @@ -61,7 +61,7 @@ static pmeth_fn standard_methods[] = { # endif ossl_rsa_pss_pkey_method, # ifndef OPENSSL_NO_DH - dhx_pkey_method, + ossl_dhx_pkey_method, # endif # ifndef OPENSSL_NO_EC ecx25519_pkey_method, @@ -1326,6 +1326,99 @@ int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, return EVP_PKEY_CTX_ctrl(ctx, keytype, optype, cmd, 0, &value); } +<<<<<<< HEAD +======= +static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name, + const char *value) +{ + if (strcmp(name, "md") == 0) + name = OSSL_ALG_PARAM_DIGEST; + else if (strcmp(name, "rsa_padding_mode") == 0) + name = OSSL_ASYM_CIPHER_PARAM_PAD_MODE; + else if (strcmp(name, "rsa_mgf1_md") == 0) + name = OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST; + else if (strcmp(name, "rsa_oaep_md") == 0) + name = OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST; + else if (strcmp(name, "rsa_oaep_label") == 0) + name = OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL; + else if (strcmp(name, "rsa_pss_saltlen") == 0) + name = OSSL_SIGNATURE_PARAM_PSS_SALTLEN; + else if (strcmp(name, "rsa_keygen_bits") == 0) + name = OSSL_PKEY_PARAM_RSA_BITS; + else if (strcmp(name, "rsa_keygen_pubexp") == 0) + name = OSSL_PKEY_PARAM_RSA_E; + else if (strcmp(name, "rsa_keygen_primes") == 0) + name = OSSL_PKEY_PARAM_RSA_PRIMES; + else if (strcmp(name, "rsa_pss_keygen_md") == 0) + name = OSSL_PKEY_PARAM_RSA_DIGEST; + else if (strcmp(name, "rsa_pss_keygen_mgf1_md") == 0) + name = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST; + else if (strcmp(name, "rsa_pss_keygen_saltlen") == 0) + name = OSSL_PKEY_PARAM_RSA_PSS_SALTLEN; + else if (strcmp(name, "dsa_paramgen_bits") == 0) + name = OSSL_PKEY_PARAM_FFC_PBITS; + else if (strcmp(name, "dsa_paramgen_q_bits") == 0) + name = OSSL_PKEY_PARAM_FFC_QBITS; + else if (strcmp(name, "dsa_paramgen_md") == 0) + name = OSSL_PKEY_PARAM_FFC_DIGEST; + else if (strcmp(name, "dh_paramgen_generator") == 0) + name = OSSL_PKEY_PARAM_DH_GENERATOR; + else if (strcmp(name, "dh_paramgen_prime_len") == 0) + name = OSSL_PKEY_PARAM_FFC_PBITS; + else if (strcmp(name, "dh_paramgen_subprime_len") == 0) + name = OSSL_PKEY_PARAM_FFC_QBITS; + else if (strcmp(name, "dh_paramgen_type") == 0) { + name = OSSL_PKEY_PARAM_FFC_TYPE; + value = ossl_dh_gen_type_id2name(atoi(value)); + } else if (strcmp(name, "dh_param") == 0) + name = OSSL_PKEY_PARAM_GROUP_NAME; + else if (strcmp(name, "dh_rfc5114") == 0) { + int num = atoi(value); + + name = OSSL_PKEY_PARAM_GROUP_NAME; + value = + ossl_ffc_named_group_get_name(ossl_ffc_uid_to_dh_named_group(num)); + } else if (strcmp(name, "dh_pad") == 0) + name = OSSL_EXCHANGE_PARAM_PAD; + else if (strcmp(name, "ec_paramgen_curve") == 0) + name = OSSL_PKEY_PARAM_GROUP_NAME; + else if (strcmp(name, "ecdh_cofactor_mode") == 0) + name = OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE; + else if (strcmp(name, "ecdh_kdf_md") == 0) + name = OSSL_EXCHANGE_PARAM_KDF_DIGEST; + else if (strcmp(name, "ec_param_enc") == 0) + name = OSSL_PKEY_PARAM_EC_ENCODING; + else if (strcmp(name, "N") == 0) + name = OSSL_KDF_PARAM_SCRYPT_N; + + { + /* + * TODO(3.0) reduce the code above to only translate known legacy + * string to the corresponding core name (see core_names.h), but + * otherwise leave it to this code block to do the actual work. + */ + const OSSL_PARAM *settable = EVP_PKEY_CTX_settable_params(ctx); + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + int rv = 0; + int exists = 0; + + if (!OSSL_PARAM_allocate_from_text(¶ms[0], settable, name, value, + strlen(value), &exists)) { + if (!exists) { + ERR_raise_data(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED, + "name=%s,value=%s", name, value); + return -2; + } + return 0; + } + if (EVP_PKEY_CTX_set_params(ctx, params)) + rv = 1; + OPENSSL_free(params[0].data); + return rv; + } +} + +>>>>>>> 4651c47010... Fix external symbols related to dh keys static int evp_pkey_ctx_ctrl_str_int(EVP_PKEY_CTX *ctx, const char *name, const char *value) { diff --git a/include/crypto/dh.h b/include/crypto/dh.h index eca2a03056..d8b597a0f1 100644 --- a/include/crypto/dh.h +++ b/include/crypto/dh.h @@ -16,40 +16,41 @@ # include # include "internal/ffc.h" -DH *dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid); -DH *dh_new_ex(OSSL_LIB_CTX *libctx); +DH *ossl_dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid); +DH *ossl_dh_new_ex(OSSL_LIB_CTX *libctx); void ossl_dh_set0_libctx(DH *d, OSSL_LIB_CTX *libctx); - -int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits, - BN_GENCB *cb); -int dh_generate_public_key(BN_CTX *ctx, const DH *dh, const BIGNUM *priv_key, - BIGNUM *pub_key); -int dh_get_named_group_uid_from_size(int pbits); -const char *dh_gen_type_id2name(int id); -int dh_gen_type_name2id(const char *name); -void dh_cache_named_group(DH *dh); +int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits, + BN_GENCB *cb); +int ossl_dh_generate_public_key(BN_CTX *ctx, const DH *dh, + const BIGNUM *priv_key, BIGNUM *pub_key); +int ossl_dh_get_named_group_uid_from_size(int pbits); +const char *ossl_dh_gen_type_id2name(int id); +int ossl_dh_gen_type_name2id(const char *name); +void ossl_dh_cache_named_group(DH *dh); int ossl_dh_is_named_safe_prime_group(const DH *dh); -FFC_PARAMS *dh_get0_params(DH *dh); -int dh_get0_nid(const DH *dh); -int dh_params_fromdata(DH *dh, const OSSL_PARAM params[]); -int dh_key_fromdata(DH *dh, const OSSL_PARAM params[]); -int dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]); -int dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]); - -int dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret); -int dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret); -int dh_check_pairwise(const DH *dh); - -const DH_METHOD *dh_get_method(const DH *dh); - -int dh_buf2key(DH *key, const unsigned char *buf, size_t len); -size_t dh_key2buf(const DH *dh, unsigned char **pbuf, size_t size, int alloc); - -int dh_KDF_X9_42_asn1(unsigned char *out, size_t outlen, - const unsigned char *Z, size_t Zlen, - const char *cek_alg, - const unsigned char *ukm, size_t ukmlen, const EVP_MD *md, - OSSL_LIB_CTX *libctx, const char *propq); +FFC_PARAMS *ossl_dh_get0_params(DH *dh); +int ossl_dh_get0_nid(const DH *dh); +int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[]); +int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[]); +int ossl_dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]); +int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]); + +int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret); +int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret); +int ossl_dh_check_pairwise(const DH *dh); + +const DH_METHOD *ossl_dh_get_method(const DH *dh); + +int ossl_dh_buf2key(DH *key, const unsigned char *buf, size_t len); +size_t ossl_dh_key2buf(const DH *dh, unsigned char **pbuf, size_t size, + int alloc); + +int ossl_dh_kdf_X9_42_asn1(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const char *cek_alg, + const unsigned char *ukm, size_t ukmlen, + const EVP_MD *md, + OSSL_LIB_CTX *libctx, const char *propq); #endif /* OSSL_CRYPTO_DH_H */ diff --git a/include/crypto/evp.h b/include/crypto/evp.h index 0ed9a02396..e48afbf203 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -179,8 +179,8 @@ DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD) void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); -const EVP_PKEY_METHOD *dh_pkey_method(void); -const EVP_PKEY_METHOD *dhx_pkey_method(void); +const EVP_PKEY_METHOD *ossl_dh_pkey_method(void); +const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void); const EVP_PKEY_METHOD *dsa_pkey_method(void); const EVP_PKEY_METHOD *ec_pkey_method(void); const EVP_PKEY_METHOD *ecx25519_pkey_method(void); diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c index 8be3478102..4b4cfc8fa7 100644 --- a/providers/implementations/encode_decode/encode_key2text.c +++ b/providers/implementations/encode_decode/encode_key2text.c @@ -23,7 +23,7 @@ #include #include "internal/ffc.h" #include "crypto/bn.h" /* bn_get_words() */ -#include "crypto/dh.h" /* dh_get0_params() */ +#include "crypto/dh.h" /* ossl_dh_get0_params() */ #include "crypto/dsa.h" /* dsa_get0_params() */ #include "crypto/ec.h" /* ec_key_get_libctx */ #include "crypto/ecx.h" /* ECX_KEY, etc... */ @@ -245,7 +245,7 @@ static int dh_to_text(BIO *out, const void *key, int selection) } } if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { - params = dh_get0_params((DH *)dh); + params = ossl_dh_get0_params((DH *)dh); if (params == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_NOT_PARAMETERS); return 0; diff --git a/providers/implementations/exchange/dh_exch.c b/providers/implementations/exchange/dh_exch.c index 32ce2ee0ed..2638675da5 100644 --- a/providers/implementations/exchange/dh_exch.c +++ b/providers/implementations/exchange/dh_exch.c @@ -180,13 +180,13 @@ static int dh_X9_42_kdf_derive(void *vpdhctx, unsigned char *secret, /* Do KDF stuff */ if (pdhctx->kdf_type == PROV_DH_KDF_X9_42_ASN1) { - if (!dh_KDF_X9_42_asn1(secret, pdhctx->kdf_outlen, - stmp, stmplen, - pdhctx->kdf_cekalg, - pdhctx->kdf_ukm, - pdhctx->kdf_ukmlen, - pdhctx->kdf_md, - pdhctx->libctx, NULL)) + if (!ossl_dh_kdf_X9_42_asn1(secret, pdhctx->kdf_outlen, + stmp, stmplen, + pdhctx->kdf_cekalg, + pdhctx->kdf_ukm, + pdhctx->kdf_ukmlen, + pdhctx->kdf_md, + pdhctx->libctx, NULL)) goto err; } *secretlen = pdhctx->kdf_outlen; diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c index a967309644..9b1679e4fa 100644 --- a/providers/implementations/keymgmt/dh_kmgmt.c +++ b/providers/implementations/keymgmt/dh_kmgmt.c @@ -91,7 +91,7 @@ static int dh_gen_type_name2id_w_default(const char *name, int type) #endif } - return dh_gen_type_name2id(name); + return ossl_dh_gen_type_name2id(name); } static void *dh_newdata(void *provctx) @@ -99,7 +99,7 @@ static void *dh_newdata(void *provctx) DH *dh = NULL; if (ossl_prov_is_running()) { - dh = dh_new_ex(PROV_LIBCTX_OF(provctx)); + dh = ossl_dh_new_ex(PROV_LIBCTX_OF(provctx)); if (dh != NULL) { DH_clear_flags(dh, DH_FLAG_TYPE_MASK); DH_set_flags(dh, DH_FLAG_TYPE_DH); @@ -112,7 +112,7 @@ static void *dhx_newdata(void *provctx) { DH *dh = NULL; - dh = dh_new_ex(PROV_LIBCTX_OF(provctx)); + dh = ossl_dh_new_ex(PROV_LIBCTX_OF(provctx)); if (dh != NULL) { DH_clear_flags(dh, DH_FLAG_TYPE_MASK); DH_set_flags(dh, DH_FLAG_TYPE_DHX); @@ -158,8 +158,8 @@ static int dh_match(const void *keydata1, const void *keydata2, int selection) if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) ok = ok && BN_cmp(DH_get0_priv_key(dh1), DH_get0_priv_key(dh2)) == 0; if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { - FFC_PARAMS *dhparams1 = dh_get0_params((DH *)dh1); - FFC_PARAMS *dhparams2 = dh_get0_params((DH *)dh2); + FFC_PARAMS *dhparams1 = ossl_dh_get0_params((DH *)dh1); + FFC_PARAMS *dhparams2 = ossl_dh_get0_params((DH *)dh2); ok = ok && ossl_ffc_params_cmp(dhparams1, dhparams2, 1); } @@ -178,10 +178,10 @@ static int dh_import(void *keydata, int selection, const OSSL_PARAM params[]) return 0; if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) - ok = ok && dh_params_fromdata(dh, params); + ok = ok && ossl_dh_params_fromdata(dh, params); if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) - ok = ok && dh_key_fromdata(dh, params); + ok = ok && ossl_dh_key_fromdata(dh, params); return ok; } @@ -202,9 +202,9 @@ static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, return 0; if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) - ok = ok && dh_params_todata(dh, tmpl, NULL); + ok = ok && ossl_dh_params_todata(dh, tmpl, NULL); if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) - ok = ok && dh_key_todata(dh, tmpl, NULL); + ok = ok && ossl_dh_key_todata(dh, tmpl, NULL); if (!ok || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { @@ -295,14 +295,14 @@ static ossl_inline int dh_get_params(void *key, OSSL_PARAM params[]) if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) return 0; - p->return_size = dh_key2buf(dh, (unsigned char **)&p->data, - p->data_size, 0); + p->return_size = ossl_dh_key2buf(dh, (unsigned char **)&p->data, + p->data_size, 0); if (p->return_size == 0) return 0; } - return dh_params_todata(dh, NULL, params) - && dh_key_todata(dh, NULL, params); + return ossl_dh_params_todata(dh, NULL, params) + && ossl_dh_key_todata(dh, NULL, params); } static const OSSL_PARAM dh_params[] = { @@ -339,7 +339,7 @@ static int dh_set_params(void *key, const OSSL_PARAM params[]) p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY); if (p != NULL && (p->data_type != OSSL_PARAM_OCTET_STRING - || !dh_buf2key(dh, p->data, p->data_size))) + || !ossl_dh_buf2key(dh, p->data, p->data_size))) return 0; return 1; @@ -357,7 +357,7 @@ static int dh_validate_public(const DH *dh, int checktype) /* The partial test is only valid for named group's with q = (p - 1) / 2 */ if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK && ossl_dh_is_named_safe_prime_group(dh)) - return dh_check_pub_key_partial(dh, pub_key, &res); + return ossl_dh_check_pub_key_partial(dh, pub_key, &res); return DH_check_pub_key(dh, pub_key, &res); } @@ -370,7 +370,7 @@ static int dh_validate_private(const DH *dh) DH_get0_key(dh, NULL, &priv_key); if (priv_key == NULL) return 0; - return dh_check_priv_key(dh, priv_key, &status);; + return ossl_dh_check_priv_key(dh, priv_key, &status);; } static int dh_validate(const void *keydata, int selection, int checktype) @@ -404,7 +404,7 @@ static int dh_validate(const void *keydata, int selection, int checktype) if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == OSSL_KEYMGMT_SELECT_KEYPAIR) - ok = ok && dh_check_pairwise(dh); + ok = ok && ossl_dh_check_pairwise(dh); return ok; } @@ -461,7 +461,7 @@ static int dh_gen_set_template(void *genctx, void *templ) if (!ossl_prov_is_running() || gctx == NULL || dh == NULL) return 0; - gctx->ffc_params = dh_get0_params(dh); + gctx->ffc_params = ossl_dh_get0_params(dh); return 1; } @@ -492,8 +492,7 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[]) if (p != NULL) { if (p->data_type != OSSL_PARAM_UTF8_STRING || ((gctx->gen_type = - dh_gen_type_name2id_w_default(p->data, - gctx->dh_type)) == -1)) { + dh_gen_type_name2id_w_default(p->data, gctx->dh_type)) == -1)) { ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } @@ -606,18 +605,18 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) && gctx->ffc_params == NULL) { /* Select a named group if there is not one already */ if (gctx->group_nid == NID_undef) - gctx->group_nid = dh_get_named_group_uid_from_size(gctx->pbits); + gctx->group_nid = ossl_dh_get_named_group_uid_from_size(gctx->pbits); if (gctx->group_nid == NID_undef) return NULL; - dh = dh_new_by_nid_ex(gctx->libctx, gctx->group_nid); + dh = ossl_dh_new_by_nid_ex(gctx->libctx, gctx->group_nid); if (dh == NULL) return NULL; - ffc = dh_get0_params(dh); + ffc = ossl_dh_get0_params(dh); } else { - dh = dh_new_ex(gctx->libctx); + dh = ossl_dh_new_ex(gctx->libctx); if (dh == NULL) return NULL; - ffc = dh_get0_params(dh); + ffc = ossl_dh_get0_params(dh); /* Copy the template value if one was passed */ if (gctx->ffc_params != NULL @@ -653,8 +652,9 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) ret = DH_generate_parameters_ex(dh, gctx->pbits, gctx->generator, gencb); else - ret = dh_generate_ffc_parameters(dh, gctx->gen_type, gctx->pbits, - gctx->qbits, gencb); + ret = ossl_dh_generate_ffc_parameters(dh, gctx->gen_type, + gctx->pbits, gctx->qbits, + gencb); if (ret <= 0) goto end; } diff --git a/test/ffc_internal_test.c b/test/ffc_internal_test.c index 1cbaec891b..3c54d68010 100644 --- a/test/ffc_internal_test.c +++ b/test/ffc_internal_test.c @@ -435,7 +435,7 @@ err: return ret; } -extern FFC_PARAMS *dh_get0_params(DH *dh); +extern FFC_PARAMS *ossl_dh_get0_params(DH *dh); static int ffc_public_validate_test(void) { @@ -449,7 +449,7 @@ static int ffc_public_validate_test(void) if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048))) goto err; - params = dh_get0_params(dh); + params = ossl_dh_get0_params(dh); if (!TEST_true(BN_set_word(pub, 1))) goto err; @@ -528,7 +528,7 @@ static int ffc_private_validate_test(void) if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048))) goto err; - params = dh_get0_params(dh); + params = ossl_dh_get0_params(dh); if (!TEST_true(BN_set_word(priv, 1))) goto err; @@ -589,7 +589,7 @@ static int ffc_private_gen_test(int index) if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048))) goto err; - params = dh_get0_params(dh); + params = ossl_dh_get0_params(dh); N = BN_num_bits(params->q); /* Fail since N < 2*s - where s = 112*/ -- 2.39.2