[openssl] master update
Richard Levitte
levitte at openssl.org
Fri Jan 17 08:07:38 UTC 2020
The branch master has been updated
via 806253f31f663594c70e10862f0743530a75e094 (commit)
via f17268d0d05add0240dcfdbb91d522aa7b10c790 (commit)
via 03d65ca2095777cf6314ad813eb7de5779c9b93d (commit)
via 6942a0d6feb8d3dcbbc6a1ec6be9de7ab2df1530 (commit)
via 81a624f2c215eb9def0917184b026b2e2db2dd54 (commit)
via 9e5aaf78868ca2f4d65d3bb1f9246659a6522241 (commit)
via 6508e858836020622efff5dd4be3fa4530d1584b (commit)
from e4a1d0230016d090ba78bc7092384315f85b0e72 (commit)
- Log -----------------------------------------------------------------
commit 806253f31f663594c70e10862f0743530a75e094
Author: Richard Levitte <levitte at openssl.org>
Date: Mon Jan 13 12:28:05 2020 +0100
DSA: Move DSA_security_bits() and DSA_bits()
... to make them accessible from the FIPS provider module.
Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10778)
commit f17268d0d05add0240dcfdbb91d522aa7b10c790
Author: Richard Levitte <levitte at openssl.org>
Date: Sun Jan 12 01:23:43 2020 +0100
Add CHANGES entry regarding the documentation of EVP_PKEY_size() et al
Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10778)
commit 03d65ca2095777cf6314ad813eb7de5779c9b93d
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Jan 8 11:08:06 2020 +0100
DOC: Make EVP_SignInit.pod conform with man-pages(7)
Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10778)
commit 6942a0d6feb8d3dcbbc6a1ec6be9de7ab2df1530
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Jan 8 11:04:15 2020 +0100
DOC: New file for EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits()
We change the description to be about the key rather than the
signature. How the key size is related to the signature is explained
in the description of EVP_SignFinal() anyway.
Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10778)
commit 81a624f2c215eb9def0917184b026b2e2db2dd54
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Jan 8 03:50:33 2020 +0100
TEST: Adapt test/evp_pkey_provided_test.c to check the key size
This is for the case where we build keys from user data
Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10778)
commit 9e5aaf78868ca2f4d65d3bb1f9246659a6522241
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Jan 8 03:49:08 2020 +0100
PROV: Adapt the RSA, DSA and DH KEYMGMT implementations
They now all respond to requests for key size, bits and security bits.
Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10778)
commit 6508e858836020622efff5dd4be3fa4530d1584b
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Jan 8 03:44:28 2020 +0100
EVP: make EVP_PKEY_{bits,security_bits,size} work with provider only keys
These functions relied entirely on the presence of 'pkey->pmeth',
which is NULL on provider only keys. This adds an interface to get
domparam and key data from a provider, given corresponding provider
data (the actual domparam or key).
The retrieved data is cached in the EVP_PKEY structure (lending the
idea from provided EVP_CIPHER).
Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10778)
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 6 ++
crypto/dsa/dsa_lib.c | 23 ++++---
crypto/evp/evp_local.h | 5 ++
crypto/evp/keymgmt_lib.c | 89 +++++++++++++++++++++++----
crypto/evp/keymgmt_meth.c | 26 +++++++-
crypto/evp/p_lib.c | 22 ++++---
doc/man3/EVP_PKEY_size.pod | 80 ++++++++++++++++++++++++
doc/man3/EVP_SignInit.pod | 42 +++++--------
doc/man7/provider-keymgmt.pod | 72 ++++++++++++++++++++--
include/crypto/evp.h | 16 +++++
include/openssl/core_names.h | 5 ++
include/openssl/core_numbers.h | 17 ++++-
providers/implementations/keymgmt/dh_kmgmt.c | 40 ++++++++++++
providers/implementations/keymgmt/dsa_kmgmt.c | 44 +++++++++++--
providers/implementations/keymgmt/rsa_kmgmt.c | 19 ++++++
test/evp_pkey_provided_test.c | 10 ++-
util/missingcrypto.txt | 1 -
17 files changed, 443 insertions(+), 74 deletions(-)
create mode 100644 doc/man3/EVP_PKEY_size.pod
diff --git a/CHANGES b/CHANGES
index 3661a4f263..2b281f8da9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,12 @@
Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
+ *) Enhanced the documentation of EVP_PKEY_size(), EVP_PKEY_bits()
+ and EVP_PKEY_security_bits(). Especially EVP_PKEY_size() needed
+ a new formulation to include all the things it can be used for,
+ as well as words of caution.
+ [Richard Levitte]
+
*) All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256,
SHA384, SHA512 and Whirlpool digest functions have been deprecated.
These include:
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 10e88c16bf..976eb622aa 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -29,13 +29,6 @@ void *DSA_get_ex_data(DSA *d, int idx)
return CRYPTO_get_ex_data(&d->ex_data, idx);
}
-int DSA_security_bits(const DSA *d)
-{
- if (d->p && d->q)
- return BN_security_bits(BN_num_bits(d->p), BN_num_bits(d->q));
- return -1;
-}
-
#ifndef OPENSSL_NO_DH
DH *DSA_dup_DH(const DSA *r)
{
@@ -139,11 +132,6 @@ ENGINE *DSA_get0_engine(DSA *d)
return d->engine;
}
-int DSA_bits(const DSA *dsa)
-{
- return BN_num_bits(dsa->p);
-}
-
int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
{
/*
@@ -351,3 +339,14 @@ int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
return 1;
}
+int DSA_security_bits(const DSA *d)
+{
+ if (d->p && d->q)
+ return BN_security_bits(BN_num_bits(d->p), BN_num_bits(d->q));
+ return -1;
+}
+
+int DSA_bits(const DSA *dsa)
+{
+ return BN_num_bits(dsa->p);
+}
diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h
index de73267c98..0feace2aa5 100644
--- a/crypto/evp/evp_local.h
+++ b/crypto/evp/evp_local.h
@@ -80,6 +80,8 @@ struct evp_keymgmt_st {
OSSL_OP_keymgmt_exportdomparams_fn *exportdomparams;
OSSL_OP_keymgmt_importdomparam_types_fn *importdomparam_types;
OSSL_OP_keymgmt_exportdomparam_types_fn *exportdomparam_types;
+ OSSL_OP_keymgmt_get_domparam_params_fn *get_domparam_params;
+ OSSL_OP_keymgmt_gettable_domparam_params_fn *gettable_domparam_params;
/* Key routines */
OSSL_OP_keymgmt_importkey_fn *importkey;
@@ -89,6 +91,9 @@ struct evp_keymgmt_st {
OSSL_OP_keymgmt_exportkey_fn *exportkey;
OSSL_OP_keymgmt_importkey_types_fn *importkey_types;
OSSL_OP_keymgmt_exportkey_types_fn *exportkey_types;
+ OSSL_OP_keymgmt_get_key_params_fn *get_key_params;
+ OSSL_OP_keymgmt_gettable_key_params_fn *gettable_key_params;
+
OSSL_OP_keymgmt_query_operation_name_fn *query_operation_name;
} /* EVP_KEYMGMT */ ;
diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c
index 4163bca5bb..53610d3ef8 100644
--- a/crypto/evp/keymgmt_lib.c
+++ b/crypto/evp/keymgmt_lib.c
@@ -7,6 +7,7 @@
* https://www.openssl.org/source/license.html
*/
+#include <openssl/core_names.h>
#include "internal/cryptlib.h"
#include "internal/nelem.h"
#include "crypto/evp.h"
@@ -132,12 +133,7 @@ void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
*/
j = ossl_assert(i < OSSL_NELEM(pk->pkeys));
- if (provdata != NULL) {
- EVP_KEYMGMT_up_ref(keymgmt);
- pk->pkeys[i].keymgmt = keymgmt;
- pk->pkeys[i].provdata = provdata;
- pk->pkeys[i].domainparams = want_domainparams;
- }
+ evp_keymgmt_cache_pkey(pk, i, keymgmt, provdata, want_domainparams);
return provdata;
}
@@ -161,6 +157,49 @@ void evp_keymgmt_clear_pkey_cache(EVP_PKEY *pk)
keymgmt->freekey(provdata);
EVP_KEYMGMT_free(keymgmt);
}
+
+ pk->cache.size = 0;
+ pk->cache.bits = 0;
+ pk->cache.security_bits = 0;
+ }
+}
+
+void evp_keymgmt_cache_pkey(EVP_PKEY *pk, size_t index, EVP_KEYMGMT *keymgmt,
+ void *provdata, int domainparams)
+{
+ if (provdata != NULL) {
+ EVP_KEYMGMT_up_ref(keymgmt);
+ pk->pkeys[index].keymgmt = keymgmt;
+ pk->pkeys[index].provdata = provdata;
+ pk->pkeys[index].domainparams = domainparams;
+
+ /*
+ * Cache information about the domain parameters or key. Only needed
+ * for the "original" provider side key.
+ *
+ * This services functions like EVP_PKEY_size, EVP_PKEY_bits, etc
+ */
+ if (index == 0) {
+ int ok;
+ int bits = 0;
+ int security_bits = 0;
+ int size = 0;
+ OSSL_PARAM params[4];
+
+ params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_BITS, &bits);
+ params[1] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_SECURITY_BITS,
+ &security_bits);
+ params[2] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_MAX_SIZE, &size);
+ params[3] = OSSL_PARAM_construct_end();
+ ok = domainparams
+ ? evp_keymgmt_get_domparam_params(keymgmt, provdata, params)
+ : evp_keymgmt_get_key_params(keymgmt, provdata, params);
+ if (ok) {
+ pk->cache.size = size;
+ pk->cache.bits = bits;
+ pk->cache.security_bits = security_bits;
+ }
+ }
}
}
@@ -173,12 +212,7 @@ void *evp_keymgmt_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt,
: keymgmt->importkey(provctx, params);
evp_keymgmt_clear_pkey_cache(target);
- if (provdata != NULL) {
- EVP_KEYMGMT_up_ref(keymgmt);
- target->pkeys[0].keymgmt = keymgmt;
- target->pkeys[0].provdata = provdata;
- target->pkeys[0].domainparams = domainparams;
- }
+ evp_keymgmt_cache_pkey(target, 0, keymgmt, provdata, domainparams);
return provdata;
}
@@ -228,6 +262,22 @@ const OSSL_PARAM *evp_keymgmt_exportdomparam_types(const EVP_KEYMGMT *keymgmt)
return keymgmt->exportdomparam_types();
}
+int evp_keymgmt_get_domparam_params(const EVP_KEYMGMT *keymgmt,
+ void *provdomparams, OSSL_PARAM params[])
+{
+ if (keymgmt->get_domparam_params == NULL)
+ return 1;
+ return keymgmt->get_domparam_params(provdomparams, params);
+}
+
+const OSSL_PARAM *
+evp_keymgmt_gettable_domparam_params(const EVP_KEYMGMT *keymgmt)
+{
+ if (keymgmt->gettable_domparam_params == NULL)
+ return NULL;
+ return keymgmt->gettable_domparam_params();
+}
+
void *evp_keymgmt_importkey(const EVP_KEYMGMT *keymgmt,
const OSSL_PARAM params[])
@@ -277,3 +327,18 @@ const OSSL_PARAM *evp_keymgmt_exportkey_types(const EVP_KEYMGMT *keymgmt)
{
return keymgmt->exportkey_types();
}
+
+int evp_keymgmt_get_key_params(const EVP_KEYMGMT *keymgmt,
+ void *provkey, OSSL_PARAM params[])
+{
+ if (keymgmt->get_key_params == NULL)
+ return 1;
+ return keymgmt->get_key_params(provkey, params);
+}
+
+const OSSL_PARAM *evp_keymgmt_gettable_key_params(const EVP_KEYMGMT *keymgmt)
+{
+ if (keymgmt->gettable_key_params == NULL)
+ return NULL;
+ return keymgmt->gettable_key_params();
+}
diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c
index 03d1686cf3..ae1f10e6b3 100644
--- a/crypto/evp/keymgmt_meth.c
+++ b/crypto/evp/keymgmt_meth.c
@@ -81,6 +81,16 @@ static void *keymgmt_from_dispatch(int name_id,
keymgmt->exportdomparam_types =
OSSL_get_OP_keymgmt_exportdomparam_types(fns);
break;
+ case OSSL_FUNC_KEYMGMT_GET_DOMPARAM_PARAMS:
+ if (keymgmt->get_domparam_params == NULL)
+ keymgmt->get_domparam_params =
+ OSSL_get_OP_keymgmt_get_domparam_params(fns);
+ break;
+ case OSSL_FUNC_KEYMGMT_GETTABLE_DOMPARAM_PARAMS:
+ if (keymgmt->gettable_domparam_params == NULL)
+ keymgmt->gettable_domparam_params =
+ OSSL_get_OP_keymgmt_gettable_domparam_params(fns);
+ break;
case OSSL_FUNC_KEYMGMT_IMPORTKEY:
if (keymgmt->importkey != NULL)
break;
@@ -118,6 +128,16 @@ static void *keymgmt_from_dispatch(int name_id,
keymgmt->exportkey_types =
OSSL_get_OP_keymgmt_exportkey_types(fns);
break;
+ case OSSL_FUNC_KEYMGMT_GET_KEY_PARAMS:
+ if (keymgmt->get_key_params == NULL)
+ keymgmt->get_key_params =
+ OSSL_get_OP_keymgmt_get_key_params(fns);
+ break;
+ case OSSL_FUNC_KEYMGMT_GETTABLE_KEY_PARAMS:
+ if (keymgmt->gettable_key_params == NULL)
+ keymgmt->gettable_key_params =
+ OSSL_get_OP_keymgmt_gettable_key_params(fns);
+ break;
case OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME:
if (keymgmt->query_operation_name != NULL)
break;
@@ -143,10 +163,14 @@ static void *keymgmt_from_dispatch(int name_id,
&& keymgmt->importdomparams == NULL)
|| (keymgmt->exportdomparam_types != NULL
&& keymgmt->exportdomparams == NULL)
+ || (keymgmt->gettable_domparam_params != NULL
+ && keymgmt->get_domparam_params == NULL)
|| (keymgmt->importkey_types != NULL
&& keymgmt->importkey == NULL)
|| (keymgmt->exportkey_types != NULL
- && keymgmt->exportkey == NULL)) {
+ && keymgmt->exportkey == NULL)
+ || (keymgmt->gettable_key_params != NULL
+ && keymgmt->get_key_params == NULL)) {
EVP_KEYMGMT_free(keymgmt);
EVPerr(0, EVP_R_INVALID_PROVIDER_FUNCTIONS);
return NULL;
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 5c11ce1b6a..2e0890cac5 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -34,8 +34,12 @@ static void evp_pkey_free_it(EVP_PKEY *key);
int EVP_PKEY_bits(const EVP_PKEY *pkey)
{
- if (pkey && pkey->ameth && pkey->ameth->pkey_bits)
- return pkey->ameth->pkey_bits(pkey);
+ if (pkey != NULL) {
+ if (pkey->ameth == NULL)
+ return pkey->cache.bits;
+ else if (pkey->ameth->pkey_bits)
+ return pkey->ameth->pkey_bits(pkey);
+ }
return 0;
}
@@ -43,7 +47,9 @@ int EVP_PKEY_security_bits(const EVP_PKEY *pkey)
{
if (pkey == NULL)
return 0;
- if (pkey->ameth == NULL || pkey->ameth->pkey_security_bits == NULL)
+ if (pkey->ameth == NULL)
+ return pkey->cache.security_bits;
+ if (pkey->ameth->pkey_security_bits == NULL)
return -2;
return pkey->ameth->pkey_security_bits(pkey);
}
@@ -811,11 +817,13 @@ void EVP_PKEY_free(EVP_PKEY *x)
OPENSSL_free(x);
}
-/* TODO (3.0) : Needs to call getparams fo non legacy case */
int EVP_PKEY_size(const EVP_PKEY *pkey)
{
- if (pkey && pkey->ameth && pkey->ameth->pkey_size)
- return pkey->ameth->pkey_size(pkey);
+ if (pkey != NULL) {
+ if (pkey->ameth == NULL)
+ return pkey->cache.size;
+ else if (pkey->ameth->pkey_size != NULL)
+ return pkey->ameth->pkey_size(pkey);
+ }
return 0;
}
-
diff --git a/doc/man3/EVP_PKEY_size.pod b/doc/man3/EVP_PKEY_size.pod
new file mode 100644
index 0000000000..786c503914
--- /dev/null
+++ b/doc/man3/EVP_PKEY_size.pod
@@ -0,0 +1,80 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_size, EVP_PKEY_bits, EVP_PKEY_security_bits
+- EVP_PKEY information functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_size(const EVP_PKEY *pkey);
+ int EVP_PKEY_bits(const EVP_PKEY *pkey);
+ int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
+
+=head1 DESCRIPTION
+
+EVP_PKEY_size() returns the maximum suitable size for the output
+buffers for almost all operations that can be done with I<pkey>.
+The primary documented use is with L<EVP_SignFinal(3)> and
+L<EVP_SealInit(3)>, but it isn't limited there. The returned size is
+also large enough for the output buffer of L<EVP_PKEY_sign(3)>,
+L<EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt(3)>, L<EVP_PKEY_derive(3)>.
+
+It must be stressed that, unless the documentation for the operation
+that's being performed says otherwise, the size returned by
+EVP_PKEY_size() is only preliminary and not exact, so the final
+contents of the target buffer may be smaller. It is therefore crucial
+to take note of the size given back by the function that performs the
+operation, such as L<EVP_PKEY_sign(3)> (the I<siglen> argument will
+receive that length), to avoid bugs.
+
+EVP_PKEY_bits() returns the cryptographic length of the cryptosystem
+to which the key in I<pkey> belongs, in bits. Note that the definition
+of cryptographic length is specific to the key cryptosystem.
+
+EVP_PKEY_security_bits() returns the number of security bits of the given
+I<pkey>, bits of security is defined in NIST SP800-57.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits() return a
+positive number, or 0 if this size isn't available.
+
+=head1 NOTES
+
+Most functions that have an output buffer and are mentioned with
+EVP_PKEY_size() have a functionality where you can pass NULL for the
+buffer and still pass a pointer to an integer and get the exact size
+that this function call delivers in the context that it's called in.
+This allows those functions to be called twice, once to find out the
+exact buffer size, then allocate the buffer in between, and call that
+function again actually output the data. For those functions, it
+isn't strictly necessary to call EVP_PKEY_size() to find out the
+buffer size, but may be useful in cases where it's desirable to know
+the upper limit in advance.
+
+It should also be especially noted that EVP_PKEY_size() shouldn't be
+used to get the output size for EVP_DigestSignFinal(), according to
+L<EVP_DigestSignFinal(3)/NOTES>.
+
+=head1 SEE ALSO
+
+L<EVP_SignFinal(3)>,
+L<EVP_SealInit(3)>,
+L<EVP_PKEY_sign(3)>,
+L<EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_derive(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/man3/EVP_SignInit.pod b/doc/man3/EVP_SignInit.pod
index 3dad4f105a..deb1e4df3f 100644
--- a/doc/man3/EVP_SignInit.pod
+++ b/doc/man3/EVP_SignInit.pod
@@ -2,10 +2,8 @@
=head1 NAME
-EVP_PKEY_size,
-EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal,
-EVP_PKEY_security_bits - EVP signing
-functions
+EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal
+- EVP signing functions
=head1 SYNOPSIS
@@ -17,49 +15,36 @@ functions
void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
- int EVP_PKEY_size(const EVP_PKEY *pkey);
- int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
-
=head1 DESCRIPTION
The EVP signature routines are a high level interface to digital
signatures.
-EVP_SignInit_ex() sets up signing context B<ctx> to use digest
-B<type> from ENGINE B<impl>. B<ctx> must be created with
+EVP_SignInit_ex() sets up signing context I<ctx> to use digest
+I<type> from B<ENGINE> I<impl>. I<ctx> must be created with
EVP_MD_CTX_new() before calling this function.
-EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the
-signature context B<ctx>. This function can be called several times on the
-same B<ctx> to include additional data.
+EVP_SignUpdate() hashes I<cnt> bytes of data at I<d> into the
+signature context I<ctx>. This function can be called several times on the
+same I<ctx> to include additional data.
-EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> and
-places the signature in B<sig>. B<sig> must be at least EVP_PKEY_size(pkey)
-bytes in size. B<s> is an OUT parameter, and not used as an IN parameter.
+EVP_SignFinal() signs the data in I<ctx> using the private key I<pkey> and
+places the signature in I<sig>. I<sig> must be at least C<EVP_PKEY_size(pkey)>
+bytes in size. I<s> is an OUT parameter, and not used as an IN parameter.
The number of bytes of data written (i.e. the length of the signature)
-will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes
+will be written to the integer at I<s>, at most C<EVP_PKEY_size(pkey)> bytes
will be written.
-EVP_SignInit() initializes a signing context B<ctx> to use the default
-implementation of digest B<type>.
-
-EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual
-signature returned by EVP_SignFinal() may be smaller.
-
-EVP_PKEY_security_bits() returns the number of security bits of the given B<pkey>,
-bits of security is defined in NIST SP800-57.
+EVP_SignInit() initializes a signing context I<ctx> to use the default
+implementation of digest I<type>.
=head1 RETURN VALUES
EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1
for success and 0 for failure.
-EVP_PKEY_size() returns the maximum size of a signature in bytes.
-
The error codes can be obtained by L<ERR_get_error(3)>.
-EVP_PKEY_security_bits() returns the number of security bits.
-
=head1 NOTES
The B<EVP> interface to digital signatures should almost always be used in
@@ -95,6 +80,7 @@ The previous two bugs are fixed in the newer EVP_SignDigest*() function.
=head1 SEE ALSO
+L<EVP_PKEY_size(3)>, L<EVP_PKEY_bits(3)>, L<EVP_PKEY_security_bits(3)>,
L<EVP_VerifyInit(3)>,
L<EVP_DigestInit(3)>,
L<evp(7)>, L<HMAC(3)>, L<MD2(3)>,
diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod
index 1c868c5630..adc1978a36 100644
--- a/doc/man7/provider-keymgmt.pod
+++ b/doc/man7/provider-keymgmt.pod
@@ -26,6 +26,10 @@ provider-keymgmt - The KEYMGMT library E<lt>-E<gt> provider functions
const OSSL_PARAM *OP_keymgmt_importdomparam_types(void);
const OSSL_PARAM *OP_keymgmt_exportdomparam_types(void);
+ /* Key domain parameter information */
+ int OP_keymgmt_get_domparam_params(void *domparams, OSSL_PARAM params[]);
+ const OSSL_PARAM *OP_keymgmt_gettable_domparam_params(void);
+
/* Key creation and destruction */
void *OP_keymgmt_importkey(void *provctx, const OSSL_PARAM params[]);
void *OP_keymgmt_genkey(void *provctx,
@@ -40,6 +44,10 @@ provider-keymgmt - The KEYMGMT library E<lt>-E<gt> provider functions
const OSSL_PARAM *OP_keymgmt_importkey_types(void);
const OSSL_PARAM *OP_keymgmt_exportkey_types(void);
+ /* Key information */
+ int OP_keymgmt_get_key_params(void *key, OSSL_PARAM params[]);
+ const OSSL_PARAM *OP_keymgmt_gettable_key_params(void);
+
/* Discovery of supported operations */
const char *OP_keymgmt_query_operation_name(int operation_id);
@@ -84,6 +92,9 @@ macros in L<openssl-core_numbers.h(7)>, as follows:
OP_keymgmt_exportdomparams OSSL_FUNC_KEYMGMT_EXPORTDOMPARAMS
OP_keymgmt_importdomparam_types OSSL_FUNC_KEYMGMT_IMPORTDOMPARAM_TYPES
OP_keymgmt_exportdomparam_types OSSL_FUNC_KEYMGMT_EXPORTDOMPARAM_TYPES
+ OP_keymgmt_get_domparam_params OSSL_FUNC_KEYMGMT_GET_DOMPARAM_PARAMS
+ OP_keymgmt_gettable_domparam_params
+ OSSL_FUNC_KEYMGMT_GETTABLE_DOMPARAM_PARAMS
OP_keymgmt_importkey OSSL_FUNC_KEYMGMT_IMPORTKEY
OP_keymgmt_genkey OSSL_FUNC_KEYMGMT_GENKEY
@@ -92,6 +103,10 @@ macros in L<openssl-core_numbers.h(7)>, as follows:
OP_keymgmt_exportkey OSSL_FUNC_KEYMGMT_EXPORTKEY
OP_keymgmt_importkey_types OSSL_FUNC_KEYMGMT_IMPORTKEY_TYPES
OP_keymgmt_exportkey_types OSSL_FUNC_KEYMGMT_EXPORTKEY_TYPES
+ OP_keymgmt_get_key_params OSSL_FUNC_KEYMGMT_GET_KEY_PARAMS
+ OP_keymgmt_gettable_key_params OSSL_FUNC_KEYMGMT_GETTABLE_KEY_PARAMS
+
+ OP_keymgmt_query_operation_name OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME
=head2 Domain Parameter Functions
@@ -116,13 +131,18 @@ OP_keymgmt_importdomparam_types() should return a constant array of
descriptor B<OSSL_PARAM>, for parameters that OP_keymgmt_importdomparams()
can handle.
-=for comment There should be one corresponding to OP_keymgmt_gendomparams()
-as well...
-
OP_keymgmt_exportdomparam_types() should return a constant array of
descriptor B<OSSL_PARAM>, for parameters that can be exported with
OP_keymgmt_exportdomparams().
+OP_keymgmt_get_domparam_params() should extract information data
+associated with the given I<domparams>,
+see L</Information Parameters>.
+
+OP_keymgmt_gettable_domparam_params() should return a constant array
+of descriptor B<OSSL_PARAM>, for parameters that
+OP_keymgmt_get_domparam_params() can handle.
+
=head2 Key functions
OP_keymgmt_importkey() should create a provider side structure
@@ -154,13 +174,17 @@ OP_keymgmt_importkey_types() should return a constant array of
descriptor B<OSSL_PARAM>, for parameters that OP_keymgmt_importkey()
can handle.
-=for comment There should be one corresponding to OP_keymgmt_genkey()
-as well...
-
OP_keymgmt_exportkey_types() should return a constant array of
descriptor B<OSSL_PARAM>, for parameters that can be exported with
OP_keymgmt_exportkeys().
+OP_keymgmt_get_key_params() should extract information data associated
+with the given I<key>, see L</Information Parameters>.
+
+OP_keymgmt_gettable_key_params() should return a constant array of
+descriptor B<OSSL_PARAM>, for parameters that
+OP_keymgmt_get_key_params() can handle.
+
=head2 Supported operations
OP_keymgmt_query_operation_name() should return the name of the
@@ -171,6 +195,42 @@ returns NULL, the caller is free to assume that there's an algorithm
from the same provider, of the same name as the one used to fetch the
keymgmt and try to use that.
+=head2 Information Parameters
+
+See L<OSSL_PARAM(3)> for further details on the parameters structure.
+
+Parameters currently recognised by built-in keymgmt algorithms'
+OP_keymgmt_get_domparams_params() and OP_keymgmt_get_key_params()
+are:
+
+=over 4
+
+=item "bits" (B<OSSL_PKEY_PARAM_BITS>) <integer>
+
+The value should be the cryptographic length of the cryptosystem to
+which the key belongs, in bits. The definition of cryptographic
+length is specific to the key cryptosystem.
+
+=item "max-size" (B<OSSL_PKEY_PARAM_MAX_SIZE>) <integer>
+
+The value should be the maximum size that a caller should allocate to
+safely store a signature (called I<sig> in L<provider-signature(7)>),
+the result of asymmmetric encryption / decryption (I<out> in
+L<provider-asym_cipher(7)>, a derived secret (I<secret> in
+L<provider-keyexch(7)>, and similar data).
+
+Because an EVP_KEYMGMT method is always tightly bound to another method
+(signature, asymmetric cipher, key exchange, ...) and must be of the
+same provider, this number only needs to be synchronised with the
+dimensions handled in the rest of the same provider.
+
+=item "security-bits" (B<OSSL_PKEY_PARAM_SECURITY_BITS>) <integer>
+
+The value should be the number of security bits of the given key.
+Bits of security is defined in SP800-57.
+
+=back
+
=head1 SEE ALSO
L<provider(7)>
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 91f535093d..b3d1f7d21c 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -565,6 +565,13 @@ struct evp_pkey_st {
* a copy of that key's dirty count.
*/
size_t dirty_cnt_copy;
+
+ /* Cache of domain parameter / key information */
+ struct {
+ int bits;
+ int security_bits;
+ int size;
+ } cache;
} /* EVP_PKEY */ ;
#define EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) \
@@ -590,6 +597,8 @@ void evp_app_cleanup_int(void);
void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
int domainparams);
void evp_keymgmt_clear_pkey_cache(EVP_PKEY *pk);
+void evp_keymgmt_cache_pkey(EVP_PKEY *pk, size_t index, EVP_KEYMGMT *keymgmt,
+ void *provdata, int domainparams);
void *evp_keymgmt_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt,
const OSSL_PARAM params[], int domainparams);
@@ -608,6 +617,10 @@ const OSSL_PARAM *
evp_keymgmt_importdomparam_types(const EVP_KEYMGMT *keymgmt);
const OSSL_PARAM *
evp_keymgmt_exportdomparam_types(const EVP_KEYMGMT *keymgmt);
+int evp_keymgmt_get_domparam_params(const EVP_KEYMGMT *keymgmt,
+ void *provdomparam, OSSL_PARAM params[]);
+const OSSL_PARAM *
+evp_keymgmt_gettable_domparam_params(const EVP_KEYMGMT *keymgmt);
void *evp_keymgmt_importkey(const EVP_KEYMGMT *keymgmt,
const OSSL_PARAM params[]);
@@ -620,6 +633,9 @@ int evp_keymgmt_exportkey(const EVP_KEYMGMT *keymgmt, void *provkey,
OSSL_CALLBACK *param_cb, void *cbarg);
const OSSL_PARAM *evp_keymgmt_importkey_types(const EVP_KEYMGMT *keymgmt);
const OSSL_PARAM *evp_keymgmt_exportkey_types(const EVP_KEYMGMT *keymgmt);
+int evp_keymgmt_get_key_params(const EVP_KEYMGMT *keymgmt,
+ void *provkey, OSSL_PARAM params[]);
+const OSSL_PARAM *evp_keymgmt_gettable_key_params(const EVP_KEYMGMT *keymgmt);
/* Pulling defines out of C source files */
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 0bc51b3589..a347d96712 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -154,6 +154,11 @@ extern "C" {
#define OSSL_KDF_NAME_KRB5KDF "KRB5KDF"
/* PKEY parameters */
+/* Common PKEY parameters */
+#define OSSL_PKEY_PARAM_BITS "bits" /* integer */
+#define OSSL_PKEY_PARAM_MAX_SIZE "max-size" /* integer */
+#define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits" /* integer */
+
/* Diffie-Hellman/DSA Parameters */
#define OSSL_PKEY_PARAM_FFC_P "p"
#define OSSL_PKEY_PARAM_FFC_G "g"
diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h
index f41f7c02d0..0a809ded15 100644
--- a/include/openssl/core_numbers.h
+++ b/include/openssl/core_numbers.h
@@ -371,6 +371,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_importdomparam_types,
OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_exportdomparam_types,
(void))
+/* Key domain parameter information */
+#define OSSL_FUNC_KEYMGMT_GET_DOMPARAM_PARAMS 7
+#define OSSL_FUNC_KEYMGMT_GETTABLE_DOMPARAM_PARAMS 8
+OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_get_domparam_params,
+ (void *domparam, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_gettable_domparam_params,
+ (void))
+
/* Key creation and destruction */
# define OSSL_FUNC_KEYMGMT_IMPORTKEY 10
# define OSSL_FUNC_KEYMGMT_GENKEY 11
@@ -400,8 +408,15 @@ OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_exportkey,
OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_importkey_types, (void))
OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_exportkey_types, (void))
+/* Key information */
+#define OSSL_FUNC_KEYMGMT_GET_KEY_PARAMS 17
+#define OSSL_FUNC_KEYMGMT_GETTABLE_KEY_PARAMS 18
+OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_get_key_params,
+ (void *key, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_gettable_key_params, (void))
+
/* Discovery of supported operations */
-# define OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME 17
+# define OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME 20
OSSL_CORE_MAKE_FUNC(const char *,OP_keymgmt_query_operation_name,
(int operation_id))
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index c38c5f2bd5..c385d81044 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -18,8 +18,10 @@
static OSSL_OP_keymgmt_importdomparams_fn dh_importdomparams;
static OSSL_OP_keymgmt_exportdomparams_fn dh_exportdomparams;
+static OSSL_OP_keymgmt_get_key_params_fn dh_get_domparam_params;
static OSSL_OP_keymgmt_importkey_fn dh_importkey;
static OSSL_OP_keymgmt_exportkey_fn dh_exportkey;
+static OSSL_OP_keymgmt_get_key_params_fn dh_get_key_params;
static int params_to_domparams(DH *dh, const OSSL_PARAM params[])
{
@@ -185,6 +187,41 @@ static int dh_exportkey(void *key, OSSL_CALLBACK *param_cb, void *cbarg)
return ret;
}
+/*
+ * Same function for domain parameters and for keys.
+ * "dpk" = "domain parameters & keys"
+ */
+static ossl_inline int dh_get_dpk_params(void *key, OSSL_PARAM params[])
+{
+ DH *dh = key;
+ OSSL_PARAM *p;
+
+ if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
+ && !OSSL_PARAM_set_int(p, DH_bits(dh)))
+ return 0;
+ if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
+ && !OSSL_PARAM_set_int(p, DH_security_bits(dh)))
+ return 0;
+ if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
+ && !OSSL_PARAM_set_int(p, DH_size(dh)))
+ return 0;
+ return 1;
+}
+
+/*
+ * We have wrapper functions to make sure we get signatures right, see
+ * the forward declarations at the beginning of this file.
+ */
+static int dh_get_domparam_params(void *domparams, OSSL_PARAM params[])
+{
+ return dh_get_dpk_params(domparams, params);
+}
+
+static int dh_get_key_params(void *key, OSSL_PARAM params[])
+{
+ return dh_get_dpk_params(key, params);
+}
+
const OSSL_DISPATCH dh_keymgmt_functions[] = {
/*
* TODO(3.0) When implementing OSSL_FUNC_KEYMGMT_GENKEY, remember to also
@@ -192,9 +229,12 @@ const OSSL_DISPATCH dh_keymgmt_functions[] = {
*/
{ OSSL_FUNC_KEYMGMT_IMPORTDOMPARAMS, (void (*)(void))dh_importdomparams },
{ OSSL_FUNC_KEYMGMT_EXPORTDOMPARAMS, (void (*)(void))dh_exportdomparams },
+ { OSSL_FUNC_KEYMGMT_GET_DOMPARAM_PARAMS,
+ (void (*) (void))dh_get_domparam_params },
{ OSSL_FUNC_KEYMGMT_FREEDOMPARAMS, (void (*)(void))DH_free },
{ OSSL_FUNC_KEYMGMT_IMPORTKEY, (void (*)(void))dh_importkey },
{ OSSL_FUNC_KEYMGMT_EXPORTKEY, (void (*)(void))dh_exportkey },
{ OSSL_FUNC_KEYMGMT_FREEKEY, (void (*)(void))DH_free },
+ { OSSL_FUNC_KEYMGMT_GET_KEY_PARAMS, (void (*) (void))dh_get_key_params },
{ 0, NULL }
};
diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c
index 41e9bca8a6..c2c3c2221a 100644
--- a/providers/implementations/keymgmt/dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/dsa_kmgmt.c
@@ -19,8 +19,10 @@
static OSSL_OP_keymgmt_importdomparams_fn dsa_importdomparams;
static OSSL_OP_keymgmt_exportdomparams_fn dsa_exportdomparams;
+static OSSL_OP_keymgmt_get_domparam_params_fn dsa_get_domparam_params;
static OSSL_OP_keymgmt_importkey_fn dsa_importkey;
static OSSL_OP_keymgmt_exportkey_fn dsa_exportkey;
+static OSSL_OP_keymgmt_get_key_params_fn dsa_get_key_params;
static int params_to_domparams(DSA *dsa, const OSSL_PARAM params[])
{
@@ -191,16 +193,50 @@ static int dsa_exportkey(void *key, OSSL_CALLBACK *param_cb, void *cbarg)
return ret;
}
+/*
+ * Same function for domain parameters and for keys.
+ * "dpk" = "domain parameters & keys"
+ */
+static ossl_inline int dsa_get_dpk_params(void *key, OSSL_PARAM params[])
+{
+ DSA *dsa = key;
+ OSSL_PARAM *p;
+
+ if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
+ && !OSSL_PARAM_set_int(p, DSA_bits(dsa)))
+ return 0;
+ if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
+ && !OSSL_PARAM_set_int(p, DSA_security_bits(dsa)))
+ return 0;
+ if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
+ && !OSSL_PARAM_set_int(p, DSA_size(dsa)))
+ return 0;
+ return 1;
+}
+
+/*
+ * We have wrapper functions to make sure we get signatures right, see
+ * the forward declarations at the beginning of this file.
+ */
+static int dsa_get_domparam_params(void *domparams, OSSL_PARAM params[])
+{
+ return dsa_get_dpk_params(domparams, params);
+}
+
+static int dsa_get_key_params(void *key, OSSL_PARAM params[])
+{
+ return dsa_get_dpk_params(key, params);
+}
+
const OSSL_DISPATCH dsa_keymgmt_functions[] = {
- /*
- * TODO(3.0) When implementing OSSL_FUNC_KEYMGMT_GENKEY, remember to also
- * implement OSSL_FUNC_KEYMGMT_EXPORTKEY.
- */
{ OSSL_FUNC_KEYMGMT_IMPORTDOMPARAMS, (void (*)(void))dsa_importdomparams },
{ OSSL_FUNC_KEYMGMT_EXPORTDOMPARAMS, (void (*)(void))dsa_exportdomparams },
{ OSSL_FUNC_KEYMGMT_FREEDOMPARAMS, (void (*)(void))DSA_free },
+ { OSSL_FUNC_KEYMGMT_GET_DOMPARAM_PARAMS,
+ (void (*) (void))dsa_get_domparam_params },
{ OSSL_FUNC_KEYMGMT_IMPORTKEY, (void (*)(void))dsa_importkey },
{ OSSL_FUNC_KEYMGMT_EXPORTKEY, (void (*)(void))dsa_exportkey },
{ OSSL_FUNC_KEYMGMT_FREEKEY, (void (*)(void))DSA_free },
+ { OSSL_FUNC_KEYMGMT_GET_KEY_PARAMS, (void (*) (void))dsa_get_key_params },
{ 0, NULL }
};
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
index 451f227775..a1f81041b8 100644
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -20,6 +20,7 @@
static OSSL_OP_keymgmt_importkey_fn rsa_importkey;
static OSSL_OP_keymgmt_exportkey_fn rsa_exportkey;
+static OSSL_OP_keymgmt_get_key_params_fn rsa_get_key_params;
DEFINE_STACK_OF(BIGNUM)
DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
@@ -244,11 +245,29 @@ static const OSSL_PARAM *rsa_importkey_types(void)
return rsa_key_types;
}
+static int rsa_get_key_params(void *key, OSSL_PARAM params[])
+{
+ RSA *rsa = key;
+ OSSL_PARAM *p;
+
+ if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
+ && !OSSL_PARAM_set_int(p, RSA_bits(rsa)))
+ return 0;
+ if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
+ && !OSSL_PARAM_set_int(p, RSA_security_bits(rsa)))
+ return 0;
+ if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
+ && !OSSL_PARAM_set_int(p, RSA_size(rsa)))
+ return 0;
+ return 1;
+}
+
const OSSL_DISPATCH rsa_keymgmt_functions[] = {
{ OSSL_FUNC_KEYMGMT_IMPORTKEY, (void (*)(void))rsa_importkey },
{ OSSL_FUNC_KEYMGMT_IMPORTKEY_TYPES, (void (*)(void))rsa_importkey_types },
{ OSSL_FUNC_KEYMGMT_EXPORTKEY, (void (*)(void))rsa_exportkey },
{ OSSL_FUNC_KEYMGMT_EXPORTKEY_TYPES, (void (*)(void))rsa_exportkey_types },
{ OSSL_FUNC_KEYMGMT_FREEKEY, (void (*)(void))RSA_free },
+ { OSSL_FUNC_KEYMGMT_GET_KEY_PARAMS, (void (*) (void))rsa_get_key_params },
{ 0, NULL }
};
diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c
index 029a8e425a..8101585d95 100644
--- a/test/evp_pkey_provided_test.c
+++ b/test/evp_pkey_provided_test.c
@@ -126,7 +126,10 @@ static int test_fromdata_rsa(void)
goto err;
if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
- || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params)))
+ || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params))
+ || !TEST_int_eq(EVP_PKEY_bits(pk), 32)
+ || !TEST_int_eq(EVP_PKEY_security_bits(pk), 8)
+ || !TEST_int_eq(EVP_PKEY_size(pk), 4))
goto err;
ret = test_print_key_using_pem(pk)
@@ -176,7 +179,10 @@ static int test_fromdata_dh(void)
goto err;
if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
- || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params)))
+ || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params))
+ || !TEST_int_eq(EVP_PKEY_bits(pk), 32)
+ || !TEST_int_eq(EVP_PKEY_security_bits(pk), 0) /* Missing Q */
+ || !TEST_int_eq(EVP_PKEY_size(pk), 4))
goto err;
ret = test_print_key_using_pem(pk)
diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt
index 7f1cf49ab3..954cfc4523 100644
--- a/util/missingcrypto.txt
+++ b/util/missingcrypto.txt
@@ -503,7 +503,6 @@ EVP_PKEY_add1_attr_by_NID(3)
EVP_PKEY_add1_attr_by_OBJ(3)
EVP_PKEY_add1_attr_by_txt(3)
EVP_PKEY_assign(3)
-EVP_PKEY_bits(3)
EVP_PKEY_decrypt_old(3)
EVP_PKEY_delete_attr(3)
EVP_PKEY_encrypt_old(3)
More information about the openssl-commits
mailing list