[openssl] master update
Richard Levitte
levitte at openssl.org
Fri Nov 27 14:31:36 UTC 2020
The branch master has been updated
via 888bdbfd398c967daaa00cf6b3d104f0e3d26865 (commit)
from a614af95531dd9f168aa4b71bd1195b4fdfe1794 (commit)
- Log -----------------------------------------------------------------
commit 888bdbfd398c967daaa00cf6b3d104f0e3d26865
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Nov 26 11:58:56 2020 +0100
EVP_PKEY & DSA: Make DSA EVP_PKEY_CTX parameter ctrls / setters more available
EVP_PKEY_CTX_set_dsa_ functions were only available when DSA was
enabled ('no-dsa' not configured). However, that makes it impossible
to use these functions with an engine or a provider that happens to
implement DSA. This change solves that problem by shuffling these
functions to more appropriate places.
Fixes #13529
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13530)
-----------------------------------------------------------------------
Summary of changes:
crypto/dsa/dsa_lib.c | 144 ---------------------------------------------
crypto/evp/build.info | 4 ++
crypto/evp/dsa_ctrl.c | 157 ++++++++++++++++++++++++++++++++++++++++++++++++++
include/openssl/dsa.h | 47 ++++++++-------
util/libcrypto.num | 14 ++---
5 files changed, 193 insertions(+), 173 deletions(-)
create mode 100644 crypto/evp/dsa_ctrl.c
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 2c3569a2c3..983a463ff5 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -19,9 +19,7 @@
#include <openssl/bn.h>
#include <openssl/asn1.h>
#include <openssl/engine.h>
-#include <openssl/core_names.h>
#include "dsa_local.h"
-#include "crypto/evp.h"
#include "crypto/dsa.h"
#include "crypto/dh.h" /* required by DSA_dup_DH() */
@@ -361,145 +359,3 @@ int dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[])
dsa->dirty_cnt++;
return ret;
}
-
-static int dsa_paramgen_check(EVP_PKEY_CTX *ctx)
-{
- if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
- ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
- /* Uses the same return values as EVP_PKEY_CTX_ctrl */
- return -2;
- }
- /* If key type not DSA return error */
- if (ctx->pmeth != NULL && ctx->pmeth->pkey_id != EVP_PKEY_DSA)
- return -1;
- return 1;
-}
-
-int EVP_PKEY_CTX_set_dsa_paramgen_type(EVP_PKEY_CTX *ctx, const char *name)
-{
- int ret;
- OSSL_PARAM params[2], *p = params;
-
- if ((ret = dsa_paramgen_check(ctx)) <= 0)
- return ret;
-
- *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE,
- (char *)name, 0);
- *p++ = OSSL_PARAM_construct_end();
-
- return EVP_PKEY_CTX_set_params(ctx, params);
-}
-
-int EVP_PKEY_CTX_set_dsa_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex)
-{
- int ret;
- OSSL_PARAM params[2], *p = params;
-
- if ((ret = dsa_paramgen_check(ctx)) <= 0)
- return ret;
-
- *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GINDEX, &gindex);
- *p++ = OSSL_PARAM_construct_end();
-
- return EVP_PKEY_CTX_set_params(ctx, params);
-}
-
-int EVP_PKEY_CTX_set_dsa_paramgen_seed(EVP_PKEY_CTX *ctx,
- const unsigned char *seed,
- size_t seedlen)
-{
- int ret;
- OSSL_PARAM params[2], *p = params;
-
- if ((ret = dsa_paramgen_check(ctx)) <= 0)
- return ret;
-
- *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_FFC_SEED,
- (void *)seed, seedlen);
- *p++ = OSSL_PARAM_construct_end();
-
- return EVP_PKEY_CTX_set_params(ctx, params);
-}
-
-int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits)
-{
- int ret;
- OSSL_PARAM params[2], *p = params;
- size_t bits = nbits;
-
- if ((ret = dsa_paramgen_check(ctx)) <= 0)
- return ret;
-
-#if !defined(FIPS_MODULE)
- /* TODO(3.0): Remove this eventually when no more legacy */
- if (ctx->op.keymgmt.genctx == NULL)
- return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
- EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL);
-#endif
-
- *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_PBITS, &bits);
- *p++ = OSSL_PARAM_construct_end();
-
- return EVP_PKEY_CTX_set_params(ctx, params);
-}
-
-int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits)
-{
- int ret;
- OSSL_PARAM params[2], *p = params;
- size_t bits2 = qbits;
-
- if ((ret = dsa_paramgen_check(ctx)) <= 0)
- return ret;
-
-#if !defined(FIPS_MODULE)
- /* TODO(3.0): Remove this eventually when no more legacy */
- if (ctx->op.keymgmt.genctx == NULL)
- return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
- EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL);
-#endif
-
- *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_QBITS, &bits2);
- *p++ = OSSL_PARAM_construct_end();
-
- return EVP_PKEY_CTX_set_params(ctx, params);
-}
-
-int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx,
- const char *md_name,
- const char *md_properties)
-{
- int ret;
- OSSL_PARAM params[3], *p = params;
-
- if ((ret = dsa_paramgen_check(ctx)) <= 0)
- return ret;
-
-#if !defined(FIPS_MODULE)
- /* TODO(3.0): Remove this eventually when no more legacy */
- if (ctx->op.keymgmt.genctx == NULL) {
- const EVP_MD *md = EVP_get_digestbyname(md_name);
-
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
- EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md));
- }
-#endif
-
- *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST,
- (char *)md_name, 0);
- if (md_properties != NULL)
- *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS,
- (char *)md_properties, 0);
- *p++ = OSSL_PARAM_construct_end();
-
- return EVP_PKEY_CTX_set_params(ctx, params);
-}
-
-#if !defined(FIPS_MODULE)
-int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
-{
- const char *md_name = (md == NULL) ? "" : EVP_MD_name(md);
-
- return EVP_PKEY_CTX_set_dsa_paramgen_md_props(ctx, md_name, NULL);
-}
-#endif
diff --git a/crypto/evp/build.info b/crypto/evp/build.info
index 358709a6a4..204c199bac 100644
--- a/crypto/evp/build.info
+++ b/crypto/evp/build.info
@@ -4,6 +4,10 @@ $COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c cmeth_lib.c evp_utils.c \
m_sigver.c pmeth_lib.c signature.c p_lib.c pmeth_gn.c exchange.c \
pmeth_check.c evp_rand.c asymcipher.c kem.c
+# Diverse type specific ctrl functions. They are kinda sorta legacy, kinda
+# sorta not.
+$COMMON=$COMMON dsa_ctrl.c
+
SOURCE[../../libcrypto]=$COMMON\
encode.c evp_key.c evp_cnf.c \
e_des.c e_bf.c e_idea.c e_des3.c \
diff --git a/crypto/evp/dsa_ctrl.c b/crypto/evp/dsa_ctrl.c
new file mode 100644
index 0000000000..cb7e543e02
--- /dev/null
+++ b/crypto/evp/dsa_ctrl.c
@@ -0,0 +1,157 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <openssl/core_names.h>
+#include <openssl/err.h>
+#include <openssl/dsa.h>
+#include <openssl/evp.h>
+#include "crypto/evp.h"
+
+static int dsa_paramgen_check(EVP_PKEY_CTX *ctx)
+{
+ if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+ /* If key type not DSA return error */
+ if (ctx->pmeth != NULL && ctx->pmeth->pkey_id != EVP_PKEY_DSA)
+ return -1;
+ return 1;
+}
+
+int EVP_PKEY_CTX_set_dsa_paramgen_type(EVP_PKEY_CTX *ctx, const char *name)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+
+ if ((ret = dsa_paramgen_check(ctx)) <= 0)
+ return ret;
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE,
+ (char *)name, 0);
+ *p++ = OSSL_PARAM_construct_end();
+
+ return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dsa_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+
+ if ((ret = dsa_paramgen_check(ctx)) <= 0)
+ return ret;
+
+ *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GINDEX, &gindex);
+ *p++ = OSSL_PARAM_construct_end();
+
+ return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dsa_paramgen_seed(EVP_PKEY_CTX *ctx,
+ const unsigned char *seed,
+ size_t seedlen)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+
+ if ((ret = dsa_paramgen_check(ctx)) <= 0)
+ return ret;
+
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_FFC_SEED,
+ (void *)seed, seedlen);
+ *p++ = OSSL_PARAM_construct_end();
+
+ return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+ size_t bits = nbits;
+
+ if ((ret = dsa_paramgen_check(ctx)) <= 0)
+ return ret;
+
+#if !defined(FIPS_MODULE)
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.keymgmt.genctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
+ EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL);
+#endif
+
+ *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_PBITS, &bits);
+ *p++ = OSSL_PARAM_construct_end();
+
+ return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+ size_t bits2 = qbits;
+
+ if ((ret = dsa_paramgen_check(ctx)) <= 0)
+ return ret;
+
+#if !defined(FIPS_MODULE)
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.keymgmt.genctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
+ EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL);
+#endif
+
+ *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_QBITS, &bits2);
+ *p++ = OSSL_PARAM_construct_end();
+
+ return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx,
+ const char *md_name,
+ const char *md_properties)
+{
+ int ret;
+ OSSL_PARAM params[3], *p = params;
+
+ if ((ret = dsa_paramgen_check(ctx)) <= 0)
+ return ret;
+
+#if !defined(FIPS_MODULE)
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.keymgmt.genctx == NULL) {
+ const EVP_MD *md = EVP_get_digestbyname(md_name);
+
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
+ EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md));
+ }
+#endif
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST,
+ (char *)md_name, 0);
+ if (md_properties != NULL)
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS,
+ (char *)md_properties, 0);
+ *p++ = OSSL_PARAM_construct_end();
+
+ return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+#if !defined(FIPS_MODULE)
+int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
+{
+ const char *md_name = (md == NULL) ? "" : EVP_MD_name(md);
+
+ return EVP_PKEY_CTX_set_dsa_paramgen_md_props(ctx, md_name, NULL);
+}
+#endif
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index 915870acbf..8b4696fabc 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -17,16 +17,35 @@
# endif
# include <openssl/opensslconf.h>
+# include <openssl/types.h>
-# ifndef OPENSSL_NO_DSA
-# ifdef __cplusplus
+# ifdef __cplusplus
extern "C" {
-# endif
+# endif
+
+# include <stdlib.h>
+
+int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
+int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits);
+int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx,
+ const char *md_name,
+ const char *md_properties);
+int EVP_PKEY_CTX_set_dsa_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex);
+int EVP_PKEY_CTX_set_dsa_paramgen_type(EVP_PKEY_CTX *ctx, const char *name);
+int EVP_PKEY_CTX_set_dsa_paramgen_seed(EVP_PKEY_CTX *ctx,
+ const unsigned char *seed,
+ size_t seedlen);
+int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3)
+
+# ifndef OPENSSL_NO_DSA
# include <openssl/e_os2.h>
# include <openssl/asn1.h>
# include <openssl/bio.h>
# include <openssl/crypto.h>
-# include <openssl/types.h>
# include <openssl/bn.h>
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
# include <openssl/dh.h>
@@ -182,22 +201,6 @@ DEPRECATEDIN_3_0(int DSA_print_fp(FILE *bp, const DSA *x, int off))
DEPRECATEDIN_3_0(DH *DSA_dup_DH(const DSA *r))
# endif
-int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
-int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits);
-int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx,
- const char *md_name,
- const char *md_properties);
-int EVP_PKEY_CTX_set_dsa_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex);
-int EVP_PKEY_CTX_set_dsa_paramgen_type(EVP_PKEY_CTX *ctx, const char *name);
-int EVP_PKEY_CTX_set_dsa_paramgen_seed(EVP_PKEY_CTX *ctx,
- const unsigned char *seed,
- size_t seedlen);
-int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
-
-# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1)
-# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2)
-# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3)
-
void DSA_get0_pqg(const DSA *d,
const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
@@ -261,8 +264,8 @@ DEPRECATEDIN_3_0(int DSA_meth_set_paramgen(DSA_METHOD *dsam,
DEPRECATEDIN_3_0(int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *))
DEPRECATEDIN_3_0(int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *)))
-# ifdef __cplusplus
+# endif
+# ifdef __cplusplus
}
-# endif
# endif
#endif
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 1e27d46711..54a04d6d31 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5015,13 +5015,13 @@ d2i_PrivateKey_ex_fp ? 3_0_0 EXIST::FUNCTION:STDIO
d2i_PrivateKey_ex_bio ? 3_0_0 EXIST::FUNCTION:
PEM_read_bio_PrivateKey_ex ? 3_0_0 EXIST::FUNCTION:
PEM_read_PrivateKey_ex ? 3_0_0 EXIST::FUNCTION:STDIO
-EVP_PKEY_CTX_set_dsa_paramgen_bits ? 3_0_0 EXIST::FUNCTION:DSA
-EVP_PKEY_CTX_set_dsa_paramgen_q_bits ? 3_0_0 EXIST::FUNCTION:DSA
-EVP_PKEY_CTX_set_dsa_paramgen_md_props ? 3_0_0 EXIST::FUNCTION:DSA
-EVP_PKEY_CTX_set_dsa_paramgen_gindex ? 3_0_0 EXIST::FUNCTION:DSA
-EVP_PKEY_CTX_set_dsa_paramgen_type ? 3_0_0 EXIST::FUNCTION:DSA
-EVP_PKEY_CTX_set_dsa_paramgen_seed ? 3_0_0 EXIST::FUNCTION:DSA
-EVP_PKEY_CTX_set_dsa_paramgen_md ? 3_0_0 EXIST::FUNCTION:DSA
+EVP_PKEY_CTX_set_dsa_paramgen_bits ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_set_dsa_paramgen_q_bits ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_set_dsa_paramgen_md_props ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_set_dsa_paramgen_gindex ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_set_dsa_paramgen_type ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_set_dsa_paramgen_seed ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_set_dsa_paramgen_md ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_set_dh_paramgen_type ? 3_0_0 EXIST::FUNCTION:DH
EVP_PKEY_CTX_set_dh_paramgen_gindex ? 3_0_0 EXIST::FUNCTION:DH
EVP_PKEY_CTX_set_dh_paramgen_seed ? 3_0_0 EXIST::FUNCTION:DH
More information about the openssl-commits
mailing list