From 155fc997b5390fc97ee936c04ddabc55c90ada2b Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 16 Oct 2025 15:48:07 -0400 Subject: [PATCH] exchange: Use include file for generated code Signed-off-by: Simo Sorce Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/28838) --- .gitignore | 6 ++-- build.info | 24 +++++++------- .../exchange/{dh_exch.c.in => dh_exch.c} | 25 +------------- .../implementations/exchange/dh_exch.inc.in | 33 +++++++++++++++++++ .../exchange/{ecdh_exch.c.in => ecdh_exch.c} | 25 +------------- .../implementations/exchange/ecdh_exch.inc.in | 33 +++++++++++++++++++ .../exchange/{ecx_exch.c.in => ecx_exch.c} | 11 +++---- .../implementations/exchange/ecx_exch.inc.in | 16 +++++++++ 8 files changed, 104 insertions(+), 69 deletions(-) rename providers/implementations/exchange/{dh_exch.c.in => dh_exch.c} (90%) create mode 100644 providers/implementations/exchange/dh_exch.inc.in rename providers/implementations/exchange/{ecdh_exch.c.in => ecdh_exch.c} (91%) create mode 100644 providers/implementations/exchange/ecdh_exch.inc.in rename providers/implementations/exchange/{ecx_exch.c.in => ecx_exch.c} (96%) create mode 100644 providers/implementations/exchange/ecx_exch.inc.in diff --git a/.gitignore b/.gitignore index bdfca92a238..9f827a4e3cb 100644 --- a/.gitignore +++ b/.gitignore @@ -88,9 +88,9 @@ providers/common/include/prov/der_ml_dsa.h providers/common/include/prov/der_hkdf.h providers/implementations/asymciphers/rsa_enc.inc providers/implementations/asymciphers/sm2_enc.inc -providers/implementations/exchange/dh_exch.c -providers/implementations/exchange/ecdh_exch.c -providers/implementations/exchange/ecx_exch.c +providers/implementations/exchange/dh_exch.inc +providers/implementations/exchange/ecdh_exch.inc +providers/implementations/exchange/ecx_exch.inc providers/implementations/encode_decode/decode_der2key.inc providers/implementations/encode_decode/decode_epki2pki.inc providers/implementations/encode_decode/decode_pem2der.inc diff --git a/build.info b/build.info index 6f28022673d..0dc15c8d825 100644 --- a/build.info +++ b/build.info @@ -50,9 +50,9 @@ DEPEND[]=include/openssl/asn1.h \ include/crypto/bn_conf.h include/crypto/dso_conf.h \ providers/implementations/asymciphers/rsa_enc.inc \ providers/implementations/asymciphers/sm2_enc.inc \ - providers/implementations/exchange/dh_exch.c \ - providers/implementations/exchange/ecdh_exch.c \ - providers/implementations/exchange/ecx_exch.c \ + providers/implementations/exchange/dh_exch.inc \ + providers/implementations/exchange/ecdh_exch.inc \ + providers/implementations/exchange/ecx_exch.inc \ providers/implementations/encode_decode/decode_der2key.inc \ providers/implementations/encode_decode/decode_epki2pki.inc \ providers/implementations/encode_decode/decode_pem2der.inc \ @@ -168,9 +168,9 @@ GENERATE[include/crypto/dso_conf.h]=include/crypto/dso_conf.h.in DEPEND[providers/implementations/asymciphers/rsa_enc.inc \ providers/implementations/asymciphers/sm2_enc.inc \ - providers/implementations/exchange/dh_exch.c \ - providers/implementations/exchange/ecdh_exch.c \ - providers/implementations/exchange/ecx_exch.c \ + providers/implementations/exchange/dh_exch.inc \ + providers/implementations/exchange/ecdh_exch.inc \ + providers/implementations/exchange/ecx_exch.inc \ providers/implementations/encode_decode/decode_der2key.inc \ providers/implementations/encode_decode/decode_epki2pki.inc \ providers/implementations/encode_decode/decode_pem2der.inc \ @@ -255,12 +255,12 @@ GENERATE[providers/implementations/asymciphers/rsa_enc.inc]=\ providers/implementations/asymciphers/rsa_enc.inc.in GENERATE[providers/implementations/asymciphers/sm2_enc.inc]=\ providers/implementations/asymciphers/sm2_enc.inc.in -GENERATE[providers/implementations/exchange/dh_exch.c]=\ - providers/implementations/exchange/dh_exch.c.in -GENERATE[providers/implementations/exchange/ecdh_exch.c]=\ - providers/implementations/exchange/ecdh_exch.c.in -GENERATE[providers/implementations/exchange/ecx_exch.c]=\ - providers/implementations/exchange/ecx_exch.c.in +GENERATE[providers/implementations/exchange/dh_exch.inc]=\ + providers/implementations/exchange/dh_exch.inc.in +GENERATE[providers/implementations/exchange/ecdh_exch.inc]=\ + providers/implementations/exchange/ecdh_exch.inc.in +GENERATE[providers/implementations/exchange/ecx_exch.inc]=\ + providers/implementations/exchange/ecx_exch.inc.in GENERATE[providers/implementations/encode_decode/decode_der2key.inc]=\ providers/implementations/encode_decode/decode_der2key.inc.in GENERATE[providers/implementations/encode_decode/decode_epki2pki.inc]=\ diff --git a/providers/implementations/exchange/dh_exch.c.in b/providers/implementations/exchange/dh_exch.c similarity index 90% rename from providers/implementations/exchange/dh_exch.c.in rename to providers/implementations/exchange/dh_exch.c index 0aa4c85bb99..8f1cd599a8c 100644 --- a/providers/implementations/exchange/dh_exch.c.in +++ b/providers/implementations/exchange/dh_exch.c @@ -6,9 +6,6 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -{- -use OpenSSL::paramnames qw(produce_param_decoder); --} /* * DH low level APIs are deprecated for public use, but still ok for @@ -30,6 +27,7 @@ use OpenSSL::paramnames qw(produce_param_decoder); #include "prov/provider_ctx.h" #include "prov/securitycheck.h" #include "crypto/dh.h" +#include "providers/implementations/exchange/dh_exch.inc" static OSSL_FUNC_keyexch_newctx_fn dh_newctx; static OSSL_FUNC_keyexch_init_fn dh_init; @@ -341,18 +339,6 @@ err: return NULL; } -{- produce_param_decoder('dh_set_ctx_params', - (['OSSL_EXCHANGE_PARAM_PAD', 'pad', 'int'], - ['OSSL_EXCHANGE_PARAM_KDF_TYPE', 'kdf', 'utf8_string'], - ['OSSL_EXCHANGE_PARAM_KDF_DIGEST', 'digest', 'utf8_string'], - ['OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS', 'propq', 'utf8_string'], - ['OSSL_EXCHANGE_PARAM_KDF_OUTLEN', 'len', 'size_t'], - ['OSSL_EXCHANGE_PARAM_KDF_UKM', 'ukm', 'octet_string'], - ['OSSL_KDF_PARAM_CEK_ALG', 'cekalg', 'utf8_string'], - ['OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], - ['OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'], - )); -} - static int dh_set_ctx_params(void *vpdhctx, const OSSL_PARAM params[]) { PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx; @@ -465,15 +451,6 @@ static const OSSL_PARAM *dh_settable_ctx_params(ossl_unused void *vpdhctx, return dh_set_ctx_params_list; } -{- produce_param_decoder('dh_get_ctx_params', - (['OSSL_EXCHANGE_PARAM_KDF_TYPE', 'kdf', 'utf8_string'], - ['OSSL_EXCHANGE_PARAM_KDF_DIGEST', 'digest', 'utf8_string'], - ['OSSL_EXCHANGE_PARAM_KDF_OUTLEN', 'len', 'size_t'], - ['OSSL_EXCHANGE_PARAM_KDF_UKM', 'ukm', 'octet_ptr'], - ['OSSL_KDF_PARAM_CEK_ALG', 'cekalg', 'utf8_string'], - ['OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], - )); -} - static const OSSL_PARAM *dh_gettable_ctx_params(ossl_unused void *vpdhctx, ossl_unused void *provctx) { diff --git a/providers/implementations/exchange/dh_exch.inc.in b/providers/implementations/exchange/dh_exch.inc.in new file mode 100644 index 00000000000..9a031d1273d --- /dev/null +++ b/providers/implementations/exchange/dh_exch.inc.in @@ -0,0 +1,33 @@ +/* + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the \"License\"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} + +{- produce_param_decoder('dh_set_ctx_params', + (['OSSL_EXCHANGE_PARAM_PAD', 'pad', 'int'], + ['OSSL_EXCHANGE_PARAM_KDF_TYPE', 'kdf', 'utf8_string'], + ['OSSL_EXCHANGE_PARAM_KDF_DIGEST', 'digest', 'utf8_string'], + ['OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS', 'propq', 'utf8_string'], + ['OSSL_EXCHANGE_PARAM_KDF_OUTLEN', 'len', 'size_t'], + ['OSSL_EXCHANGE_PARAM_KDF_UKM', 'ukm', 'octet_string'], + ['OSSL_KDF_PARAM_CEK_ALG', 'cekalg', 'utf8_string'], + ['OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], + ['OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'], + )); -} + +{- produce_param_decoder('dh_get_ctx_params', + (['OSSL_EXCHANGE_PARAM_KDF_TYPE', 'kdf', 'utf8_string'], + ['OSSL_EXCHANGE_PARAM_KDF_DIGEST', 'digest', 'utf8_string'], + ['OSSL_EXCHANGE_PARAM_KDF_OUTLEN', 'len', 'size_t'], + ['OSSL_EXCHANGE_PARAM_KDF_UKM', 'ukm', 'octet_ptr'], + ['OSSL_KDF_PARAM_CEK_ALG', 'cekalg', 'utf8_string'], + ['OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], + )); -} diff --git a/providers/implementations/exchange/ecdh_exch.c.in b/providers/implementations/exchange/ecdh_exch.c similarity index 91% rename from providers/implementations/exchange/ecdh_exch.c.in rename to providers/implementations/exchange/ecdh_exch.c index 43e1b78d589..e970545e340 100644 --- a/providers/implementations/exchange/ecdh_exch.c.in +++ b/providers/implementations/exchange/ecdh_exch.c @@ -6,9 +6,6 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -{- -use OpenSSL::paramnames qw(produce_param_decoder); --} /* * ECDH low level APIs are deprecated for public use, but still ok for @@ -31,6 +28,7 @@ use OpenSSL::paramnames qw(produce_param_decoder); #include "prov/implementations.h" #include "prov/securitycheck.h" #include "crypto/ec.h" /* ossl_ecdh_kdf_X9_63() */ +#include "providers/implementations/exchange/ecdh_exch.inc" static OSSL_FUNC_keyexch_newctx_fn ecdh_newctx; static OSSL_FUNC_keyexch_init_fn ecdh_init; @@ -248,18 +246,6 @@ void *ecdh_dupctx(void *vpecdhctx) return NULL; } -{- produce_param_decoder('ecdh_set_ctx_params', - (['OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE', 'mode', 'int'], - ['OSSL_EXCHANGE_PARAM_KDF_TYPE', 'kdf', 'utf8_string'], - ['OSSL_EXCHANGE_PARAM_KDF_DIGEST', 'digest', 'utf8_string'], - ['OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS', 'propq', 'utf8_string'], - ['OSSL_EXCHANGE_PARAM_KDF_OUTLEN', 'len', 'size_t'], - ['OSSL_EXCHANGE_PARAM_KDF_UKM', 'ukm', 'octet_string'], - ['OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], - ['OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'], - ['OSSL_EXCHANGE_PARAM_FIPS_ECDH_COFACTOR_CHECK', 'ind_cofac', 'int', 'fips'], - )); -} - static int ecdh_set_ctx_params(void *vpecdhctx, const OSSL_PARAM params[]) { @@ -365,15 +351,6 @@ const OSSL_PARAM *ecdh_settable_ctx_params(ossl_unused void *vpecdhctx, return ecdh_set_ctx_params_list; } -{- produce_param_decoder('ecdh_get_ctx_params', - (['OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE', 'mode', 'int'], - ['OSSL_EXCHANGE_PARAM_KDF_TYPE', 'kdf', 'utf8_string'], - ['OSSL_EXCHANGE_PARAM_KDF_DIGEST', 'digest', 'utf8_string'], - ['OSSL_EXCHANGE_PARAM_KDF_OUTLEN', 'len', 'size_t'], - ['OSSL_EXCHANGE_PARAM_KDF_UKM', 'ukm', 'octet_ptr'], - ['OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], - )); -} - static int ecdh_get_ctx_params(void *vpecdhctx, OSSL_PARAM params[]) { diff --git a/providers/implementations/exchange/ecdh_exch.inc.in b/providers/implementations/exchange/ecdh_exch.inc.in new file mode 100644 index 00000000000..9778bf6e9c9 --- /dev/null +++ b/providers/implementations/exchange/ecdh_exch.inc.in @@ -0,0 +1,33 @@ +/* + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the \"License\"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} + +{- produce_param_decoder('ecdh_set_ctx_params', + (['OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE', 'mode', 'int'], + ['OSSL_EXCHANGE_PARAM_KDF_TYPE', 'kdf', 'utf8_string'], + ['OSSL_EXCHANGE_PARAM_KDF_DIGEST', 'digest', 'utf8_string'], + ['OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS', 'propq', 'utf8_string'], + ['OSSL_EXCHANGE_PARAM_KDF_OUTLEN', 'len', 'size_t'], + ['OSSL_EXCHANGE_PARAM_KDF_UKM', 'ukm', 'octet_string'], + ['OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], + ['OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'], + ['OSSL_EXCHANGE_PARAM_FIPS_ECDH_COFACTOR_CHECK', 'ind_cofac', 'int', 'fips'], + )); -} + +{- produce_param_decoder('ecdh_get_ctx_params', + (['OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE', 'mode', 'int'], + ['OSSL_EXCHANGE_PARAM_KDF_TYPE', 'kdf', 'utf8_string'], + ['OSSL_EXCHANGE_PARAM_KDF_DIGEST', 'digest', 'utf8_string'], + ['OSSL_EXCHANGE_PARAM_KDF_OUTLEN', 'len', 'size_t'], + ['OSSL_EXCHANGE_PARAM_KDF_UKM', 'ukm', 'octet_ptr'], + ['OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], + )); -} diff --git a/providers/implementations/exchange/ecx_exch.c.in b/providers/implementations/exchange/ecx_exch.c similarity index 96% rename from providers/implementations/exchange/ecx_exch.c.in rename to providers/implementations/exchange/ecx_exch.c index 5fa6595cedf..a88a677ac43 100644 --- a/providers/implementations/exchange/ecx_exch.c.in +++ b/providers/implementations/exchange/ecx_exch.c @@ -6,9 +6,6 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -{- -use OpenSSL::paramnames qw(produce_param_decoder); --} #include #include @@ -22,6 +19,10 @@ use OpenSSL::paramnames qw(produce_param_decoder); #include "prov/providercommon.h" #include "prov/securitycheck.h" +#ifdef FIPS_MODULE +# include "providers/implementations/exchange/ecx_exch.inc" +#endif + static OSSL_FUNC_keyexch_newctx_fn x25519_newctx; static OSSL_FUNC_keyexch_newctx_fn x448_newctx; static OSSL_FUNC_keyexch_init_fn x25519_init; @@ -181,9 +182,7 @@ static void *ecx_dupctx(void *vecxctx) } #ifdef FIPS_MODULE -{- produce_param_decoder('ecx_get_ctx_params', - (['OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], - )); -} + #endif static const OSSL_PARAM *ecx_gettable_ctx_params(ossl_unused void *vctx, diff --git a/providers/implementations/exchange/ecx_exch.inc.in b/providers/implementations/exchange/ecx_exch.inc.in new file mode 100644 index 00000000000..0b6787b010b --- /dev/null +++ b/providers/implementations/exchange/ecx_exch.inc.in @@ -0,0 +1,16 @@ +/* + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the \"License\"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} + +{- produce_param_decoder('ecx_get_ctx_params', + (['OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], + )); -} -- 2.47.3