From 5ac8fb584a0ba8e4223e98b87a5416d67340360e Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 9 Oct 2020 14:19:42 +0100 Subject: [PATCH] Rename EVP_PKEY_set1_tls_encodedpoint to EVP_PKEY_set1_encoded_public_key We do the same thing for the "get1" version. In reality this has broader use than just TLS (it can also be used in CMS), and "encodedpoint" only makes sense when you are talking about EC based algorithms. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13105) --- crypto/cms/cms_dh.c | 6 +--- crypto/cms/cms_ec.c | 6 ++-- crypto/evp/p_lib.c | 29 ++++++++++--------- doc/man3/EVP_PKEY_ASN1_METHOD.pod | 4 +-- doc/man7/EVP_PKEY-DH.pod | 2 +- doc/man7/EVP_PKEY-EC.pod | 7 +++-- doc/man7/EVP_PKEY-X25519.pod | 7 +++-- include/openssl/core_names.h | 2 +- include/openssl/evp.h | 21 ++++++++++++-- providers/implementations/keymgmt/dh_kmgmt.c | 8 ++--- providers/implementations/keymgmt/ec_kmgmt.c | 13 +++++---- providers/implementations/keymgmt/ecx_kmgmt.c | 8 ++--- ssl/statem/extensions_clnt.c | 8 ++--- ssl/statem/extensions_srvr.c | 6 ++-- ssl/statem/statem_clnt.c | 8 ++--- ssl/statem/statem_srvr.c | 6 ++-- test/tls-provider.c | 9 +++--- util/libcrypto.num | 6 ++-- 18 files changed, 86 insertions(+), 70 deletions(-) diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c index 0d9eac50b3..2c64f50259 100644 --- a/crypto/cms/cms_dh.c +++ b/crypto/cms/cms_dh.c @@ -46,11 +46,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, pkpeer = EVP_PKEY_new(); if (pkpeer == NULL || !EVP_PKEY_copy_parameters(pkpeer, pk) - /* - * TODO(3.0): This is badly named!! Can we make this more - * generic and not TLS specific? - */ - || !EVP_PKEY_set1_tls_encodedpoint(pkpeer, p, plen)) + || !EVP_PKEY_set1_encoded_public_key(pkpeer, p, plen)) goto err; if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0) diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c index 79d603adcb..9a602bb81d 100644 --- a/crypto/cms/cms_ec.c +++ b/crypto/cms/cms_ec.c @@ -112,8 +112,7 @@ static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx, if (p == NULL || plen == 0) goto err; - /* TODO(3.0): Terrible name. We need a non-tls specific name */ - if (!EVP_PKEY_set1_tls_encodedpoint(pkpeer, p, plen)) + if (!EVP_PKEY_set1_encoded_public_key(pkpeer, p, plen)) goto err; if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0) @@ -279,8 +278,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) if (aoid == OBJ_nid2obj(NID_undef)) { /* Set the key */ - /* TODO(3.0): Terrible name. Needs a non TLS specific name */ - penclen = EVP_PKEY_get1_tls_encodedpoint(pkey, &penc); + penclen = EVP_PKEY_get1_encoded_public_key(pkey, &penc); ASN1_STRING_set0(pubkey, penc, penclen); pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT; diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index cc30bc3495..1ec36d6cbc 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1317,8 +1317,8 @@ int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid) return rv; } -int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey, - const unsigned char *pt, size_t ptlen) +int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey, const unsigned char *pub, + size_t publen) { if (pkey->ameth == NULL) { OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; @@ -1327,20 +1327,21 @@ int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey, return 0; params[0] = - OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, - (unsigned char *)pt, ptlen); + OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, + (unsigned char *)pub, publen); return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params); } - if (ptlen > INT_MAX) + if (publen > INT_MAX) return 0; - if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, ptlen, - (void *)pt) <= 0) + /* Historically this function was EVP_PKEY_set1_tls_encodedpoint */ + if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, publen, + (void *)pub) <= 0) return 0; return 1; } -size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt) +size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub) { int rv; @@ -1351,18 +1352,18 @@ size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt) return 0; params[0] = - OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, + OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0); if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params)) return 0; - *ppt = OPENSSL_malloc(params[0].return_size); - if (*ppt == NULL) + *ppub = OPENSSL_malloc(params[0].return_size); + if (*ppub == NULL) return 0; params[0] = - OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, - *ppt, params[0].return_size); + OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, + *ppub, params[0].return_size); if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params)) return 0; @@ -1370,7 +1371,7 @@ size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt) } - rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_GET1_TLS_ENCPT, 0, ppt); + rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_GET1_TLS_ENCPT, 0, ppub); if (rv <= 0) return 0; return rv; diff --git a/doc/man3/EVP_PKEY_ASN1_METHOD.pod b/doc/man3/EVP_PKEY_ASN1_METHOD.pod index bc1f1ad04d..9f50a56964 100644 --- a/doc/man3/EVP_PKEY_ASN1_METHOD.pod +++ b/doc/man3/EVP_PKEY_ASN1_METHOD.pod @@ -258,8 +258,8 @@ L, and L. The pkey_ctrl() method adds extra algorithm specific control. It's called by L, L, -L, -L, L, +L, +L, L, L, ... int (*old_priv_decode) (EVP_PKEY *pkey, diff --git a/doc/man7/EVP_PKEY-DH.pod b/doc/man7/EVP_PKEY-DH.pod index 45d7c6ed5f..64ba7079dc 100644 --- a/doc/man7/EVP_PKEY-DH.pod +++ b/doc/man7/EVP_PKEY-DH.pod @@ -54,7 +54,7 @@ validation is required. The default value is 2. These are not named safe prime groups so setting this value for the OpenSSL FIPS provider will instead choose a named safe prime group based on the size of I

. -=item "tls-encoded-pt" (B) +=item "encoded-pub-key" (B) Used for getting and setting the encoding of the DH public key used in a key exchange message for the TLS protocol. diff --git a/doc/man7/EVP_PKEY-EC.pod b/doc/man7/EVP_PKEY-EC.pod index 9b195810d0..be6e507169 100644 --- a/doc/man7/EVP_PKEY-EC.pod +++ b/doc/man7/EVP_PKEY-EC.pod @@ -91,10 +91,11 @@ The public key value in EC point format. The private key value. -=item "tls-encoded-pt" (B) +=item "encoded-pub-key" (B) -Used for getting and setting the encoding of the EC public key used in key -exchange message for the TLS protocol. +Used for getting and setting the encoding of an EC public key. The public key +is expected to be a point conforming to Sec. 2.3.4 of the SECG SEC 1 ("Elliptic +Curve Cryptography") standard. =back diff --git a/doc/man7/EVP_PKEY-X25519.pod b/doc/man7/EVP_PKEY-X25519.pod index 63760389c9..80a1a627d0 100644 --- a/doc/man7/EVP_PKEY-X25519.pod +++ b/doc/man7/EVP_PKEY-X25519.pod @@ -40,10 +40,11 @@ The public key value. The private key value. -=item "tls-encoded-pt" (B) +=item "encoded-pub-key" (B) -Used for getting and setting the encoding of the public key used in a key exchange -message for the TLS protocol. +Used for getting and setting the encoding of a public key for the B and +B key types. Public keys are expected be encoded in a format as defined by +RFC7748. =back diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 4a4bd36cbe..6a50f10da7 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -261,7 +261,7 @@ extern "C" { #define OSSL_PKEY_PARAM_MASKGENFUNC "mgf" #define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest" #define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties" -#define OSSL_PKEY_PARAM_TLS_ENCODED_PT "tls-encoded-pt" +#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key" #define OSSL_PKEY_PARAM_GROUP_NAME "group" #define OSSL_PKEY_PARAM_DIST_ID "distid" #define OSSL_PKEY_PARAM_PUB_KEY "pub" diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 326289a1dd..834e00b84d 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1280,9 +1280,24 @@ int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey, char *mdname, size_t mdname_sz); int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid); -int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey, - const unsigned char *pt, size_t ptlen); -size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt); +/* + * For backwards compatibility. Use EVP_PKEY_set1_encoded_public_key in + * preference + */ +#define EVP_PKEY_set1_tls_encodedpoint(pkey, pt, ptlen) \ + EVP_PKEY_set1_encoded_public_key((pkey), (pt), (ptlen)) + +int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey, + const unsigned char *pub, size_t publen); + +/* + * For backwards compatibility. Use EVP_PKEY_get1_encoded_public_key in + * preference + */ +#define EVP_PKEY_get1_tls_encodedpoint(pkey, ppt) \ + EVP_PKEY_get1_encoded_public_key((pkey), (ppt)) + +size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub); int EVP_CIPHER_type(const EVP_CIPHER *ctx); diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c index bfd70c3962..73164672f8 100644 --- a/providers/implementations/keymgmt/dh_kmgmt.c +++ b/providers/implementations/keymgmt/dh_kmgmt.c @@ -310,7 +310,7 @@ static ossl_inline int dh_get_params(void *key, OSSL_PARAM params[]) if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL && !OSSL_PARAM_set_int(p, DH_size(dh))) return 0; - if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT)) != NULL) { + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) return 0; p->return_size = dh_key2buf(dh, (unsigned char **)&p->data, @@ -327,7 +327,7 @@ static const OSSL_PARAM dh_params[] = { OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0), + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), DH_IMEXPORTABLE_PARAMETERS, DH_IMEXPORTABLE_PUBLIC_KEY, DH_IMEXPORTABLE_PRIVATE_KEY, @@ -340,7 +340,7 @@ static const OSSL_PARAM *dh_gettable_params(void *provctx) } static const OSSL_PARAM dh_known_settable_params[] = { - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0), + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), OSSL_PARAM_END }; @@ -354,7 +354,7 @@ static int dh_set_params(void *key, const OSSL_PARAM params[]) DH *dh = key; const OSSL_PARAM *p; - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT); + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY); if (p != NULL && (p->data_type != OSSL_PARAM_OCTET_STRING || !dh_buf2key(dh, p->data, p->data_size))) diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index 7508a794ad..b96d0ea538 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c @@ -650,7 +650,8 @@ int common_get_params(void *key, OSSL_PARAM params[], int sm2) goto err; } } - if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT)) != NULL) { + if ((p = OSSL_PARAM_locate(params, + OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) { p->return_size = EC_POINT_point2oct(EC_KEY_get0_group(key), EC_KEY_get0_public_key(key), POINT_CONVERSION_UNCOMPRESSED, @@ -693,7 +694,7 @@ static const OSSL_PARAM ec_known_gettable_params[] = { OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0), + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), EC_IMEXPORTABLE_DOM_PARAMETERS, EC2M_GETTABLE_DOM_PARAMS EC_IMEXPORTABLE_PUBLIC_KEY, @@ -712,7 +713,7 @@ const OSSL_PARAM *ec_gettable_params(void *provctx) static const OSSL_PARAM ec_known_settable_params[] = { OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0), + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), OSSL_PARAM_END }; @@ -728,7 +729,7 @@ int ec_set_params(void *key, const OSSL_PARAM params[]) EC_KEY *eck = key; const OSSL_PARAM *p; - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT); + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY); if (p != NULL) { BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(key)); int ret = 1; @@ -756,7 +757,7 @@ static const OSSL_PARAM sm2_known_gettable_params[] = { OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0), + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), EC_IMEXPORTABLE_DOM_PARAMETERS, EC_IMEXPORTABLE_PUBLIC_KEY, OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_PUB_X, NULL, 0), @@ -772,7 +773,7 @@ const OSSL_PARAM *sm2_gettable_params(ossl_unused void *provctx) } static const OSSL_PARAM sm2_known_settable_params[] = { - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0), + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), OSSL_PARAM_END }; diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c index f4e59b3322..16ffc3126c 100644 --- a/providers/implementations/keymgmt/ecx_kmgmt.c +++ b/providers/implementations/keymgmt/ecx_kmgmt.c @@ -265,7 +265,7 @@ static int ecx_get_params(void *key, OSSL_PARAM params[], int bits, int secbits, if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL && !OSSL_PARAM_set_int(p, size)) return 0; - if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT)) != NULL + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL && (ecx->type == ECX_KEY_TYPE_X25519 || ecx->type == ECX_KEY_TYPE_X448)) { if (!OSSL_PARAM_set_octet_string(p, ecx->pubkey, ecx->keylen)) @@ -317,7 +317,7 @@ static const OSSL_PARAM ecx_gettable_params[] = { OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0), - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0), + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), ECX_KEY_TYPES(), OSSL_PARAM_END }; @@ -369,7 +369,7 @@ static int ecx_set_params(void *key, const OSSL_PARAM params[]) ECX_KEY *ecxkey = key; const OSSL_PARAM *p; - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT); + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY); if (p != NULL) { void *buf = ecxkey->pubkey; @@ -412,7 +412,7 @@ static int ed448_set_params(void *key, const OSSL_PARAM params[]) } static const OSSL_PARAM ecx_settable_params[] = { - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0), + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_PROPERTIES, NULL, 0), OSSL_PARAM_END }; diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 15cd622ed5..351d695af8 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -647,8 +647,8 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) } /* Encode the public key. */ - encodedlen = EVP_PKEY_get1_tls_encodedpoint(key_share_key, - &encoded_point); + encodedlen = EVP_PKEY_get1_encoded_public_key(key_share_key, + &encoded_point); if (encodedlen == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE, ERR_R_EC_LIB); goto err; @@ -1916,8 +1916,8 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } - if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(&encoded_pt), - PACKET_remaining(&encoded_pt))) { + if (EVP_PKEY_set1_encoded_public_key(skey, PACKET_data(&encoded_pt), + PACKET_remaining(&encoded_pt)) <= 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_ECPOINT); EVP_PKEY_free(skey); diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index eb24d0a19e..cf4937125f 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -713,9 +713,9 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, s->s3.group_id = group_id; - if (!EVP_PKEY_set1_tls_encodedpoint(s->s3.peer_tmp, + if (EVP_PKEY_set1_encoded_public_key(s->s3.peer_tmp, PACKET_data(&encoded_pt), - PACKET_remaining(&encoded_pt))) { + PACKET_remaining(&encoded_pt)) <= 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_ECPOINT); return 0; @@ -1751,7 +1751,7 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, } /* Generate encoding of server key */ - encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(skey, &encodedPoint); + encoded_pt_len = EVP_PKEY_get1_encoded_public_key(skey, &encodedPoint); if (encoded_pt_len == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index ba57d31428..f896e19d40 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2235,9 +2235,9 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) return 0; } - if (!EVP_PKEY_set1_tls_encodedpoint(s->s3.peer_tmp, - PACKET_data(&encoded_pt), - PACKET_remaining(&encoded_pt))) { + if (EVP_PKEY_set1_encoded_public_key(s->s3.peer_tmp, + PACKET_data(&encoded_pt), + PACKET_remaining(&encoded_pt)) <= 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_BAD_ECPOINT); return 0; @@ -3147,7 +3147,7 @@ static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt) } /* Generate encoding of client key */ - encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(ckey, &encodedPoint); + encoded_pt_len = EVP_PKEY_get1_encoded_public_key(ckey, &encodedPoint); if (encoded_pt_len == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE, diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 2da037a248..81cea6db37 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2633,8 +2633,8 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) } /* Encode the public key. */ - encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3.tmp.pkey, - &encodedPoint); + encodedlen = EVP_PKEY_get1_encoded_public_key(s->s3.tmp.pkey, + &encodedPoint); if (encodedlen == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EC_LIB); @@ -3216,7 +3216,7 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt) goto err; } - if (EVP_PKEY_set1_tls_encodedpoint(ckey, data, i) == 0) { + if (EVP_PKEY_set1_encoded_public_key(ckey, data, i) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EC_LIB); goto err; diff --git a/test/tls-provider.c b/test/tls-provider.c index 86d204240b..d3188d0c20 100644 --- a/test/tls-provider.c +++ b/test/tls-provider.c @@ -476,7 +476,8 @@ static ossl_inline int xor_get_params(void *vkey, OSSL_PARAM params[]) && !OSSL_PARAM_set_int(p, xor_group.secbits)) return 0; - if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT)) != NULL) { + if ((p = OSSL_PARAM_locate(params, + OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) return 0; p->return_size = XOR_KEY_SIZE; @@ -490,7 +491,7 @@ static ossl_inline int xor_get_params(void *vkey, OSSL_PARAM params[]) static const OSSL_PARAM xor_params[] = { OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0), + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), OSSL_PARAM_END }; @@ -504,7 +505,7 @@ static int xor_set_params(void *vkey, const OSSL_PARAM params[]) XORKEY *key = vkey; const OSSL_PARAM *p; - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT); + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY); if (p != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING || p->data_size != XOR_KEY_SIZE) @@ -517,7 +518,7 @@ static int xor_set_params(void *vkey, const OSSL_PARAM params[]) } static const OSSL_PARAM xor_known_settable_params[] = { - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0), + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), OSSL_PARAM_END }; diff --git a/util/libcrypto.num b/util/libcrypto.num index 6c0fae783b..4fa6d9e50e 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4046,8 +4046,8 @@ X509_STORE_lock 4134 3_0_0 EXIST::FUNCTION: X509_set_proxy_pathlen 4135 3_0_0 EXIST::FUNCTION: X509_get_proxy_pathlen 4136 3_0_0 EXIST::FUNCTION: DSA_bits 4137 3_0_0 EXIST::FUNCTION:DSA -EVP_PKEY_set1_tls_encodedpoint 4138 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get1_tls_encodedpoint 4139 3_0_0 EXIST::FUNCTION: +EVP_PKEY_set1_tls_encodedpoint 4138 3_0_0 NOEXIST::FUNCTION: +EVP_PKEY_get1_tls_encodedpoint 4139 3_0_0 NOEXIST::FUNCTION: ASN1_STRING_get0_data 4140 3_0_0 EXIST::FUNCTION: X509_SIG_getm 4141 3_0_0 EXIST::FUNCTION: X509_get0_serialNumber 4142 3_0_0 EXIST::FUNCTION: @@ -5290,3 +5290,5 @@ OSSL_DECODER_from_data ? 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_to_data ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_get0_libctx ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_get0_propq ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_set1_encoded_public_key ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get1_encoded_public_key ? 3_0_0 EXIST::FUNCTION: -- 2.39.2