[openssl] master update
shane.lontis at oracle.com
shane.lontis at oracle.com
Thu May 7 05:32:27 UTC 2020
The branch master has been updated
via 5e77b79a8c47f0801f656cfccfcbaaa3ca1035b4 (commit)
from 9f2058611f7aec733d4a476f4f28c895d9e5667b (commit)
- Log -----------------------------------------------------------------
commit 5e77b79a8c47f0801f656cfccfcbaaa3ca1035b4
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Thu May 7 15:31:05 2020 +1000
Remove gen_get_params & gen_gettable_params from keygen operation
EVP_PKEY_CTX_gettable_params() was missing code for the keygen operation.
After adding it it was noticed that it is probably not required for this type, so instead
the gen_get_params and gen_gettable_params have been remnoved from the provider interface.
gen_get_params was only implemented for ec to get the curve name. This seems redundant
since normally you would set parameters into the keygen_init() and then generate a key.
Normally you would expect to extract data from the key - not the object that we just set up
to do the keygen.
Added a simple settable and gettable test into a test that does keygen.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11683)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/evp_local.h | 2 --
crypto/evp/keymgmt_meth.c | 34 +------------------------
crypto/evp/pmeth_gn.c | 5 ++--
crypto/evp/pmeth_lib.c | 11 +-------
doc/man7/provider-keymgmt.pod | 12 ---------
include/crypto/evp.h | 4 ---
include/openssl/core_numbers.h | 6 ++---
providers/implementations/keymgmt/ec_kmgmt.c | 38 ----------------------------
test/dsatest.c | 5 ++++
9 files changed, 12 insertions(+), 105 deletions(-)
diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h
index 4c822aa7d3..de7d69a26c 100644
--- a/crypto/evp/evp_local.h
+++ b/crypto/evp/evp_local.h
@@ -86,8 +86,6 @@ struct evp_keymgmt_st {
OSSL_OP_keymgmt_gen_set_template_fn *gen_set_template;
OSSL_OP_keymgmt_gen_set_params_fn *gen_set_params;
OSSL_OP_keymgmt_gen_settable_params_fn *gen_settable_params;
- OSSL_OP_keymgmt_gen_get_params_fn *gen_get_params;
- OSSL_OP_keymgmt_gen_gettable_params_fn *gen_gettable_params;
OSSL_OP_keymgmt_gen_fn *gen;
OSSL_OP_keymgmt_gen_cleanup_fn *gen_cleanup;
diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c
index 172dd21a71..b75d02f136 100644
--- a/crypto/evp/keymgmt_meth.c
+++ b/crypto/evp/keymgmt_meth.c
@@ -39,7 +39,7 @@ static void *keymgmt_from_dispatch(int name_id,
{
EVP_KEYMGMT *keymgmt = NULL;
int setparamfncnt = 0, getparamfncnt = 0;
- int setgenparamfncnt = 0, getgenparamfncnt = 0;
+ int setgenparamfncnt = 0;
int importfncnt = 0, exportfncnt = 0;
if ((keymgmt = keymgmt_new()) == NULL) {
@@ -77,20 +77,6 @@ static void *keymgmt_from_dispatch(int name_id,
OSSL_get_OP_keymgmt_gen_settable_params(fns);
}
break;
- case OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS:
- if (keymgmt->gen_get_params == NULL) {
- getgenparamfncnt++;
- keymgmt->gen_get_params =
- OSSL_get_OP_keymgmt_gen_get_params(fns);
- }
- break;
- case OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS:
- if (keymgmt->gen_gettable_params == NULL) {
- getgenparamfncnt++;
- keymgmt->gen_gettable_params =
- OSSL_get_OP_keymgmt_gen_gettable_params(fns);
- }
- break;
case OSSL_FUNC_KEYMGMT_GEN:
if (keymgmt->gen == NULL)
keymgmt->gen = OSSL_get_OP_keymgmt_gen(fns);
@@ -186,7 +172,6 @@ static void *keymgmt_from_dispatch(int name_id,
|| (getparamfncnt != 0 && getparamfncnt != 2)
|| (setparamfncnt != 0 && setparamfncnt != 2)
|| (setgenparamfncnt != 0 && setgenparamfncnt != 2)
- || (getgenparamfncnt != 0 && getgenparamfncnt != 2)
|| (importfncnt != 0 && importfncnt != 2)
|| (exportfncnt != 0 && exportfncnt != 2)
|| (keymgmt->gen != NULL
@@ -342,23 +327,6 @@ const OSSL_PARAM *evp_keymgmt_gen_settable_params(const EVP_KEYMGMT *keymgmt)
return keymgmt->gen_settable_params(provctx);
}
-int evp_keymgmt_gen_get_params(const EVP_KEYMGMT *keymgmt, void *genctx,
- OSSL_PARAM params[])
-{
- if (keymgmt->gen_get_params == NULL)
- return 0;
- return keymgmt->gen_get_params(genctx, params);
-}
-
-const OSSL_PARAM *evp_keymgmt_gen_gettable_params(const EVP_KEYMGMT *keymgmt)
-{
- void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
-
- if (keymgmt->gen_gettable_params == NULL)
- return NULL;
- return keymgmt->gen_gettable_params(provctx);
-}
-
void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx,
OSSL_CALLBACK *cb, void *cbarg)
{
diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index dc1dad86ba..a775d2bee7 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -210,8 +210,9 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
{
char curve_name[OSSL_MAX_NAME_SIZE] = "";
- if (EVP_PKEY_CTX_get_ec_paramgen_curve_name(ctx, curve_name,
- sizeof(curve_name)) < 1
+ if (!EVP_PKEY_get_utf8_string_param(*ppkey, OSSL_PKEY_PARAM_EC_NAME,
+ curve_name, sizeof(curve_name),
+ NULL)
|| strcmp(curve_name, "SM2") != 0)
goto end;
}
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index e262e87319..3476d83ea6 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -613,12 +613,6 @@ int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
&& ctx->op.ciph.cipher->get_ctx_params != NULL)
return ctx->op.ciph.cipher->get_ctx_params(ctx->op.ciph.ciphprovctx,
params);
- if (EVP_PKEY_CTX_IS_GEN_OP(ctx)
- && ctx->op.keymgmt.genctx != NULL
- && ctx->keymgmt != NULL
- && ctx->keymgmt->gen_get_params != NULL)
- return evp_keymgmt_gen_get_params(ctx->keymgmt, ctx->op.keymgmt.genctx,
- params);
return 0;
}
@@ -632,12 +626,10 @@ const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx)
&& ctx->op.sig.signature != NULL
&& ctx->op.sig.signature->gettable_ctx_params != NULL)
return ctx->op.sig.signature->gettable_ctx_params();
-
if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)
&& ctx->op.ciph.cipher != NULL
&& ctx->op.ciph.cipher->gettable_ctx_params != NULL)
return ctx->op.ciph.cipher->gettable_ctx_params();
-
return NULL;
}
@@ -656,8 +648,7 @@ const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx)
&& ctx->op.ciph.cipher->settable_ctx_params != NULL)
return ctx->op.ciph.cipher->settable_ctx_params();
if (EVP_PKEY_CTX_IS_GEN_OP(ctx)
- && ctx->keymgmt != NULL
- && ctx->keymgmt->gen_settable_params != NULL)
+ && ctx->keymgmt != NULL)
return evp_keymgmt_gen_settable_params(ctx->keymgmt);
return NULL;
diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod
index 0669585b1a..4202a77b54 100644
--- a/doc/man7/provider-keymgmt.pod
+++ b/doc/man7/provider-keymgmt.pod
@@ -22,8 +22,6 @@ provider-keymgmt - The KEYMGMT library E<lt>-E<gt> provider functions
int OP_keymgmt_gen_set_template(void *genctx, void *template);
int OP_keymgmt_gen_set_params(void *genctx, const OSSL_PARAM params[]);
const OSSL_PARAM *OP_keymgmt_gen_settable_params(void *provctx);
- int OP_keymgmt_gen_get_params(void *genctx, const OSSL_PARAM params[]);
- const OSSL_PARAM *OP_keymgmt_gen_gettable_params(void *provctx);
void *OP_keymgmt_gen(void *genctx, OSSL_CALLBACK *cb, void *cbarg);
void OP_keymgmt_gen_cleanup(void *genctx);
@@ -93,8 +91,6 @@ macros in L<openssl-core_numbers.h(7)>, as follows:
OP_keymgmt_gen_set_template OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE
OP_keymgmt_gen_set_params OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS
OP_keymgmt_gen_settable_params OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS
- OP_keymgmt_gen_get_params OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS
- OP_keymgmt_gen_gettable_params OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS
OP_keymgmt_gen OSSL_FUNC_KEYMGMT_GEN
OP_keymgmt_gen_cleanup OSSL_FUNC_KEYMGMT_GEN_CLEANUP
@@ -213,7 +209,6 @@ OP_keymgmt_free() should free the passed I<keydata>.
OP_keymgmt_gen_init(), OP_keymgmt_gen_set_template(),
OP_keymgmt_gen_set_params(), OP_keymgmt_gen_settable_params(),
-OP_keymgmt_gen_get_params(), OP_keymgmt_gen_gettable_params(),
OP_keymgmt_gen() and OP_keymgmt_gen_cleanup() work together as a more
elaborate context based key object constructor.
@@ -235,13 +230,6 @@ OP_keymgmt_gen_settable_params() should return a constant array of
descriptor B<OSSL_PARAM>, for parameters that OP_keymgmt_gen_set_params()
can handle.
-OP_keymgmt_gen_get_params() should extract information data associated
-with the key object generation context I<genctx>.
-
-OP_keymgmt_gen_gettable_params() should return a constant array of
-descriptor B<OSSL_PARAM>, for parameters that OP_keymgmt_gen_get_params()
-can handle.
-
OP_keymgmt_gen() should perform the key object generation itself, and
return the result. The callback I<cb> should be called at regular
intervals with indications on how the key object generation
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 852e82518e..ee4b6221e6 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -678,10 +678,6 @@ int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx,
const OSSL_PARAM params[]);
const OSSL_PARAM *
evp_keymgmt_gen_settable_params(const EVP_KEYMGMT *keymgmt);
-int evp_keymgmt_gen_get_params(const EVP_KEYMGMT *keymgmt, void *genctx,
- OSSL_PARAM params[]);
-const OSSL_PARAM *
-evp_keymgmt_gen_gettable_params(const EVP_KEYMGMT *keymgmt);
void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx,
OSSL_CALLBACK *cb, void *cbarg);
void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx);
diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h
index aaf281b1fe..2cf2f27715 100644
--- a/include/openssl/core_numbers.h
+++ b/include/openssl/core_numbers.h
@@ -392,10 +392,8 @@ OSSL_CORE_MAKE_FUNC(void *, OP_keymgmt_new, (void *provctx))
# define OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE 3
# define OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS 4
# define OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS 5
-# define OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS 6
-# define OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS 7
-# define OSSL_FUNC_KEYMGMT_GEN 8
-# define OSSL_FUNC_KEYMGMT_GEN_CLEANUP 9
+# define OSSL_FUNC_KEYMGMT_GEN 6
+# define OSSL_FUNC_KEYMGMT_GEN_CLEANUP 7
OSSL_CORE_MAKE_FUNC(void *, OP_keymgmt_gen_init,
(void *provctx, int selection))
OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_gen_set_template,
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index 9466b4fd0b..a48b279547 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -31,8 +31,6 @@ static OSSL_OP_keymgmt_gen_init_fn ec_gen_init;
static OSSL_OP_keymgmt_gen_set_template_fn ec_gen_set_template;
static OSSL_OP_keymgmt_gen_set_params_fn ec_gen_set_params;
static OSSL_OP_keymgmt_gen_settable_params_fn ec_gen_settable_params;
-static OSSL_OP_keymgmt_gen_get_params_fn ec_gen_get_params;
-static OSSL_OP_keymgmt_gen_gettable_params_fn ec_gen_gettable_params;
static OSSL_OP_keymgmt_gen_fn ec_gen;
static OSSL_OP_keymgmt_gen_cleanup_fn ec_gen_cleanup;
static OSSL_OP_keymgmt_free_fn ec_freedata;
@@ -679,39 +677,6 @@ static const OSSL_PARAM *ec_gen_settable_params(void *provctx)
return settable;
}
-static int ec_gen_get_params(void *genctx, OSSL_PARAM params[])
-{
- struct ec_gen_ctx *gctx = genctx;
- OSSL_PARAM *p;
-
- if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_EC_NAME)) != NULL) {
- int nid = EC_GROUP_get_curve_name(gctx->gen_group);
- int ret = 0;
- const char *curve_name = ec_curve_nid2name(nid);
-
- switch (p->data_type) {
- case OSSL_PARAM_UTF8_STRING:
- ret = OSSL_PARAM_set_utf8_string(p, curve_name);
- break;
- case OSSL_PARAM_UTF8_PTR:
- ret = OSSL_PARAM_set_utf8_ptr(p, curve_name);
- break;
- }
- return ret;
- }
- return 1;
-}
-
-static const OSSL_PARAM *ec_gen_gettable_params(void *provctx)
-{
- static OSSL_PARAM gettable[] = {
- { OSSL_PKEY_PARAM_EC_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
- OSSL_PARAM_END
- };
-
- return gettable;
-}
-
static int ec_gen_assign_group(EC_KEY *ec, EC_GROUP *group)
{
if (group == NULL) {
@@ -767,9 +732,6 @@ const OSSL_DISPATCH ec_keymgmt_functions[] = {
{ OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))ec_gen_set_params },
{ OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
(void (*)(void))ec_gen_settable_params },
- { OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS, (void (*)(void))ec_gen_get_params },
- { OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS,
- (void (*)(void))ec_gen_gettable_params },
{ OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))ec_gen },
{ OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))ec_gen_cleanup },
{ OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ec_freedata },
diff --git a/test/dsatest.c b/test/dsatest.c
index eac4a17ed1..c9857d6c67 100644
--- a/test/dsatest.c
+++ b/test/dsatest.c
@@ -155,6 +155,7 @@ static int dsa_keygen_test(void)
unsigned char seed_out[32];
char group_out[32];
size_t len = 0;
+ const OSSL_PARAM *settables = NULL;
static const unsigned char seed_data[] = {
0xa6, 0xf5, 0x28, 0x8c, 0x50, 0x77, 0xa5, 0x68,
0x6d, 0x3a, 0xf5, 0xf1, 0xc6, 0x4c, 0xdc, 0x35,
@@ -244,6 +245,10 @@ static int dsa_keygen_test(void)
goto end;
if (!TEST_ptr(pg_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
|| !TEST_int_gt(EVP_PKEY_paramgen_init(pg_ctx), 0)
+ || !TEST_ptr_null(EVP_PKEY_CTX_gettable_params(pg_ctx))
+ || !TEST_ptr(settables = EVP_PKEY_CTX_settable_params(pg_ctx))
+ || !TEST_ptr(OSSL_PARAM_locate_const(settables,
+ OSSL_PKEY_PARAM_FFC_PBITS))
|| !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(pg_ctx, 2048))
|| !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(pg_ctx, 224))
|| !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_seed(pg_ctx, seed_data,
More information about the openssl-commits
mailing list