[openssl] master update

shane.lontis at oracle.com shane.lontis at oracle.com
Fri Sep 25 02:14:12 UTC 2020


The branch master has been updated
       via  25b16562d386bfd30c7059366d09864260d9f271 (commit)
      from  21e5be854deb65f54661c8231a9a30a453a173e0 (commit)


- Log -----------------------------------------------------------------
commit 25b16562d386bfd30c7059366d09864260d9f271
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Sep 25 12:12:22 2020 +1000

    Hide ECX_KEY again
    
    ECX_KEY was not meant for public consumption, it was only to be
    accessed indirectly via EVP routines.  However, we still need internal
    access for our decoders.
    
    This partially reverts 7c664b1f1b5f60bf896f5fdea5c08c401c541dfe
    
    Fixes #12880
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12956)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/p_lib.c                                 | 26 +++---------
 doc/internal/man3/evp_pkey_get1_ED25519.pod        | 43 +++++++++++++++++++
 doc/man3/EVP_PKEY_set1_RSA.pod                     | 49 ++++------------------
 include/crypto/ecx.h                               |  5 +++
 include/openssl/evp.h                              | 21 ----------
 .../implementations/encode_decode/decode_der2key.c |  8 ++--
 util/libcrypto.num                                 | 12 ------
 util/other.syms                                    |  4 --
 8 files changed, 66 insertions(+), 102 deletions(-)
 create mode 100644 doc/internal/man3/evp_pkey_get1_ED25519.pod

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index aae71b30e2..73502f1f62 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -870,15 +870,7 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
     return ret;
 }
 
-static int EVP_PKEY_set1_ECX_KEY(EVP_PKEY *pkey, int type, ECX_KEY *key)
-{
-    int ret = EVP_PKEY_assign(pkey, type, key);
-    if (ret)
-        ecx_key_up_ref(key);
-    return ret;
-}
-
-static ECX_KEY *EVP_PKEY_get0_ECX_KEY(const EVP_PKEY *pkey, int type)
+static ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type)
 {
     if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) {
         ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY);
@@ -891,26 +883,18 @@ static ECX_KEY *EVP_PKEY_get0_ECX_KEY(const EVP_PKEY *pkey, int type)
     return pkey->pkey.ecx;
 }
 
-static ECX_KEY *EVP_PKEY_get1_ECX_KEY(EVP_PKEY *pkey, int type)
+static ECX_KEY *evp_pkey_get1_ECX_KEY(EVP_PKEY *pkey, int type)
 {
-    ECX_KEY *ret = EVP_PKEY_get0_ECX_KEY(pkey, type);
+    ECX_KEY *ret = evp_pkey_get0_ECX_KEY(pkey, type);
     if (ret != NULL)
         ecx_key_up_ref(ret);
     return ret;
 }
 
 #  define IMPLEMENT_ECX_VARIANT(NAME)                                   \
-    int EVP_PKEY_set1_##NAME(EVP_PKEY *pkey, ECX_KEY *key)              \
-    {                                                                   \
-        return EVP_PKEY_set1_ECX_KEY(pkey, EVP_PKEY_##NAME, key);       \
-    }                                                                   \
-    ECX_KEY *EVP_PKEY_get0_##NAME(const EVP_PKEY *pkey)                 \
-    {                                                                   \
-        return EVP_PKEY_get0_ECX_KEY(pkey, EVP_PKEY_##NAME);            \
-    }                                                                   \
-    ECX_KEY *EVP_PKEY_get1_##NAME(EVP_PKEY *pkey)                       \
+    ECX_KEY *evp_pkey_get1_##NAME(EVP_PKEY *pkey)                       \
     {                                                                   \
-        return EVP_PKEY_get1_ECX_KEY(pkey, EVP_PKEY_##NAME);            \
+        return evp_pkey_get1_ECX_KEY(pkey, EVP_PKEY_##NAME);            \
     }
 IMPLEMENT_ECX_VARIANT(X25519)
 IMPLEMENT_ECX_VARIANT(X448)
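Review bot: In evp_pkey_get1_ECX_KEY the result of `ecx_key_up_ref(ret)` is discarded, so if the reference-count increment reports failure the caller still receives a key it is documented (in the new internal manpage) to free, and that free would release a reference that was never taken. If ecx_key_up_ref follows the usual OpenSSL int-returning convention, the two lines after the call should become `if (ret != NULL && !ecx_key_up_ref(ret))` / `return NULL;` so a failed up-ref surfaces as NULL rather than as a refcount imbalance. The same unchecked pattern is visible on the removed side of the first hunk, so the commit did not introduce it, but the renamed function is now the only internal path for the decoders and is a good place to close it. evp_pkey_get0_ECX_KEY, whose error check this hunk's get1 path relies on, begins in the previous hunk.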
diff --git a/doc/internal/man3/evp_pkey_get1_ED25519.pod b/doc/internal/man3/evp_pkey_get1_ED25519.pod
new file mode 100644
index 0000000000..37b41e4591
--- /dev/null
+++ b/doc/internal/man3/evp_pkey_get1_ED25519.pod
@@ -0,0 +1,43 @@
+=pod
+
+=head1 NAME
+
+evp_pkey_get1_ED25519, evp_pkey_get1_ED448,
+evp_pkey_get1_X25519, evp_pkey_get1_X448
+- internal ECX from EVP_PKEY getter functions
+
+=head1 SYNOPSIS
+
+ #include "internal/evp.h"
+
+ ECX_KEY *evp_pkey_get1_ED25519(EVP_PKEY *pkey);
+ ECX_KEY *evp_pkey_get1_ED448(EVP_PKEY *pkey);
+ ECX_KEY *evp_pkey_get1_X25519(EVP_PKEY *pkey);
+ ECX_KEY *evp_pkey_get1_X448(EVP_PKEY *pkey);
+
+=head1 DESCRIPTION
+
+evp_pkey_get1_ED25519(), evp_pkey_get1_ED448(), evp_pkey_get1_X25519() and
+evp_pkey_get1_X448() return the referenced key in I<pkey> or NULL if the key
+is not of the correct type.  The returned key must be freed after use.
+
+=head1 RETURN VALUES
+
+evp_pkey_get1_ED25519(), evp_pkey_get1_ED448(), evp_pkey_get1_X25519() and
+evp_pkey_get1_X448() return the referenced key or NULL if an error
+occurred.
+
+=head1 HISTORY
+
+This functionality was added to OpenSSL 3.0.
+
+=head1 COPYRIGHT
+
+Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use this
+file except in compliance with the License.  You can obtain a copy in the file
+LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/man3/EVP_PKEY_set1_RSA.pod b/doc/man3/EVP_PKEY_set1_RSA.pod
index 89737a3c8c..1a30b068cf 100644
--- a/doc/man3/EVP_PKEY_set1_RSA.pod
+++ b/doc/man3/EVP_PKEY_set1_RSA.pod
@@ -3,18 +3,10 @@
 =head1 NAME
 
 EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
-EVP_PKEY_set1_ED25519, EVP_PKEY_set1_ED448,
-EVP_PKEY_set1_X25519, EVP_PKEY_set1_X448,
 EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
-EVP_PKEY_get1_ED25519, EVP_PKEY_get1_ED448,
-EVP_PKEY_get1_X25519, EVP_PKEY_get1_X448,
 EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
-EVP_PKEY_get0_ED25519, EVP_PKEY_get0_ED448,
-EVP_PKEY_get0_X25519, EVP_PKEY_get0_X448,
 EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
 EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH,
-EVP_PKEY_assign_ED25519, EVP_PKEY_assign_ED448,
-EVP_PKEY_assign_X25519, EVP_PKEY_assign_X448,
 EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash,
 EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type,
 EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions
@@ -27,19 +19,11 @@ EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions
  int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key);
  int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
  int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
- int EVP_PKEY_set1_ED25519(EVP_PKEY *pkey, ECX_KEY *key);
- int EVP_PKEY_set1_ED448(EVP_PKEY *pkey, ECX_KEY *key);
- int EVP_PKEY_set1_X25519(EVP_PKEY *pkey, ECX_KEY *key);
- int EVP_PKEY_set1_X448(EVP_PKEY *pkey, ECX_KEY *key);
 
  RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
  DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
  DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
  EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
- ECX_KEY *EVP_PKEY_get1_ED25519(EVP_PKEY *pkey);
- ECX_KEY *EVP_PKEY_get1_ED448(EVP_PKEY *pkey);
- ECX_KEY *EVP_PKEY_get1_X25519(EVP_PKEY *pkey);
- ECX_KEY *EVP_PKEY_get1_X448(EVP_PKEY *pkey);
 
  const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
  const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
@@ -48,19 +32,11 @@ EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions
  DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
  DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
  EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
- ECX_KEY *EVP_PKEY_get0_ED25519(EVP_PKEY *pkey);
- ECX_KEY *EVP_PKEY_get0_ED448(EVP_PKEY *pkey);
- ECX_KEY *EVP_PKEY_get0_X25519(EVP_PKEY *pkey);
- ECX_KEY *EVP_PKEY_get0_X448(EVP_PKEY *pkey);
 
  int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
  int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
  int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
  int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
- int EVP_PKEY_assign_ED25519(EVP_PKEY *pkey, ECX_KEY *key);
- int EVP_PKEY_assign_ED448(EVP_PKEY *pkey, ECX_KEY *key);
- int EVP_PKEY_assign_X25519(EVP_PKEY *pkey, ECX_KEY *key);
- int EVP_PKEY_assign_X448(EVP_PKEY *pkey, ECX_KEY *key);
  int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
  int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
 
@@ -74,28 +50,21 @@ EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions
 
 =head1 DESCRIPTION
 
-EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH(),
-EVP_PKEY_set1_EC_KEY(), EVP_PKEY_set1_ED25519(), EVP_PKEY_set1_ED448(),
-EVP_PKEY_set1_X25519() and EVP_PKEY_set1_X448() set the key referenced by
-I<pkey> to I<key>.
+EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
+EVP_PKEY_set1_EC_KEY() set the key referenced by I<pkey> to I<key>.
 
 EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
-EVP_PKEY_get1_EC_KEY(), EVP_PKEY_get1_ED25519(), EVP_PKEY_get1_ED448(),
-EVP_PKEY_get1_X25519() and EVP_PKEY_get1_X448() return the referenced key in
-I<pkey> or NULL if the key is not of the correct type.  The returned key must
-be freed after use.
+EVP_PKEY_get1_EC_KEY() return the referenced key in I<pkey> or NULL if the
+key is not of the correct type.  The returned key must be freed after use.
 
 EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(),
-EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH(),
-EVP_PKEY_get0_EC_KEY(), EVP_PKEY_get0_ED25519(), EVP_PKEY_get0_ED448(),
-EVP_PKEY_get0_X25519() and EVP_PKEY_get0_X448() return the referenced
-key in I<pkey> or NULL if the key is not of the correct type but the
-reference count of the returned key is B<not> incremented and so must not be
-freed after use.
+EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() and
+EVP_PKEY_get0_EC_KEY() return the referenced key in I<pkey> or NULL if the
+key is not of the correct type but the reference count of the returned key
+is B<not> incremented and so must not be freed after use.
 
 EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
-EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_ED25519(), EVP_PKEY_assign_ED448(),
-EVP_PKEY_assign_X25519(), EVP_PKEY_assign_X448(), EVP_PKEY_assign_POLY1305() and
+EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and
 EVP_PKEY_assign_SIPHASH() set the referenced key to I<key> however these use
 the supplied I<key> internally and so I<key> will be freed when the parent
 I<pkey> is freed.
diff --git a/include/crypto/ecx.h b/include/crypto/ecx.h
index 72cf5dd843..8730f93872 100644
--- a/include/crypto/ecx.h
+++ b/include/crypto/ecx.h
@@ -111,10 +111,15 @@ int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],
 void X448_public_from_private(uint8_t out_public_value[56],
                               const uint8_t private_key[56]);
 
+
 /* Backend support */
 int ecx_public_from_private(ECX_KEY *key);
 int ecx_key_fromdata(ECX_KEY *ecx, const OSSL_PARAM params[],
                      int include_private);
 
+ECX_KEY *evp_pkey_get1_X25519(EVP_PKEY *pkey);
+ECX_KEY *evp_pkey_get1_X448(EVP_PKEY *pkey);
+ECX_KEY *evp_pkey_get1_ED25519(EVP_PKEY *pkey);
+ECX_KEY *evp_pkey_get1_ED448(EVP_PKEY *pkey);
 # endif /* OPENSSL_NO_EC */
 #endif
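Review bot: The four evp_pkey_get1_* prototypes are declared here in include/crypto/ecx.h, but the SYNOPSIS of the new internal manpage added in this commit tells callers to `#include "internal/evp.h"`; one of the two should change so internal users include the header that actually carries the declarations. A short comment above the block would also help readers, e.g. `/* Internal EVP_PKEY -> ECX_KEY getters, defined in crypto/evp/p_lib.c; the caller owns the returned reference */`. The added blank line before `/* Backend support */` leaves a double blank line that is out of step with the rest of the header. Whether ecx.h already has EVP_PKEY in scope at this point is not visible in the hunk and is worth confirming for translation units that include it on its own.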
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index e843a48b22..ab5ca6b440 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -465,14 +465,6 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
 # ifndef OPENSSL_NO_EC
 #  define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
                                         (eckey))
-#  define EVP_PKEY_assign_X25519(pkey,ecxkey) EVP_PKEY_assign((pkey),EVP_PKEY_X25519,\
-                                        (ecxkey))
-#  define EVP_PKEY_assign_X448(pkey,ecxkey) EVP_PKEY_assign((pkey),EVP_PKEY_X448,\
-                                        (ecxkey))
-#  define EVP_PKEY_assign_ED25519(pkey,ecxkey) EVP_PKEY_assign((pkey),EVP_PKEY_ED25519,\
-                                        (ecxkey))
-#  define EVP_PKEY_assign_ED448(pkey,ecxkey) EVP_PKEY_assign((pkey),EVP_PKEY_ED448,\
-                                        (ecxkey))
 # endif
 # ifndef OPENSSL_NO_SIPHASH
 #  define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),\
@@ -1241,19 +1233,6 @@ struct ec_key_st;
 int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
 struct ec_key_st *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
 struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
-struct ecx_key_st;
-int EVP_PKEY_set1_X25519(EVP_PKEY *pkey, struct ecx_key_st *key);
-struct ecx_key_st *EVP_PKEY_get0_X25519(const EVP_PKEY *pkey);
-struct ecx_key_st *EVP_PKEY_get1_X25519(EVP_PKEY *pkey);
-int EVP_PKEY_set1_X448(EVP_PKEY *pkey, struct ecx_key_st *key);
-struct ecx_key_st *EVP_PKEY_get0_X448(const EVP_PKEY *pkey);
-struct ecx_key_st *EVP_PKEY_get1_X448(EVP_PKEY *pkey);
-int EVP_PKEY_set1_ED25519(EVP_PKEY *pkey, struct ecx_key_st *key);
-struct ecx_key_st *EVP_PKEY_get0_ED25519(const EVP_PKEY *pkey);
-struct ecx_key_st *EVP_PKEY_get1_ED25519(EVP_PKEY *pkey);
-int EVP_PKEY_set1_ED448(EVP_PKEY *pkey, struct ecx_key_st *key);
-struct ecx_key_st *EVP_PKEY_get0_ED448(const EVP_PKEY *pkey);
-struct ecx_key_st *EVP_PKEY_get1_ED448(EVP_PKEY *pkey);
 # endif
 
 EVP_PKEY *EVP_PKEY_new(void);
diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c
index f75faf2d11..12f5efd153 100644
--- a/providers/implementations/encode_decode/decode_der2key.c
+++ b/providers/implementations/encode_decode/decode_der2key.c
@@ -304,12 +304,12 @@ IMPLEMENT_NEWCTX("DSA", DSA, dsa, EVP_PKEY_get1_DSA, DSA_free);
 #ifndef OPENSSL_NO_EC
 IMPLEMENT_NEWCTX("EC", EC, ec, EVP_PKEY_get1_EC_KEY, EC_KEY_free);
 IMPLEMENT_NEWCTX("X25519", X25519, x25519,
-                 EVP_PKEY_get1_X25519, ecx_key_free);
+                 evp_pkey_get1_X25519, ecx_key_free);
 IMPLEMENT_NEWCTX("X448", X448, x448,
-                 EVP_PKEY_get1_X448, ecx_key_free);
+                 evp_pkey_get1_X448, ecx_key_free);
 IMPLEMENT_NEWCTX("ED25519", ED25519, ed25519,
-                 EVP_PKEY_get1_ED25519, ecx_key_free);
-IMPLEMENT_NEWCTX("ED448", ED448, ed448, EVP_PKEY_get1_ED448, ecx_key_free);
+                 evp_pkey_get1_ED25519, ecx_key_free);
+IMPLEMENT_NEWCTX("ED448", ED448, ed448, evp_pkey_get1_ED448, ecx_key_free);
 #endif
 IMPLEMENT_NEWCTX("RSA", RSA, rsa, EVP_PKEY_get1_RSA, RSA_free);
 IMPLEMENT_NEWCTX("RSA-PSS", RSA_PSS, rsapss, EVP_PKEY_get1_RSA, RSA_free);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index ceab5d3fd9..851d5bb2dd 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5165,18 +5165,6 @@ ERR_load_OSSL_DECODER_strings           ?	3_0_0	EXIST::FUNCTION:
 OSSL_DECODER_gettable_params            ?	3_0_0	EXIST::FUNCTION:
 OSSL_DECODER_get_params                 ?	3_0_0	EXIST::FUNCTION:
 OSSL_DECODER_CTX_new_by_EVP_PKEY        ?	3_0_0	EXIST::FUNCTION:
-EVP_PKEY_set1_X25519                    ?	3_0_0	EXIST::FUNCTION:EC
-EVP_PKEY_get0_X25519                    ?	3_0_0	EXIST::FUNCTION:EC
-EVP_PKEY_get1_X25519                    ?	3_0_0	EXIST::FUNCTION:EC
-EVP_PKEY_set1_X448                      ?	3_0_0	EXIST::FUNCTION:EC
-EVP_PKEY_get0_X448                      ?	3_0_0	EXIST::FUNCTION:EC
-EVP_PKEY_get1_X448                      ?	3_0_0	EXIST::FUNCTION:EC
-EVP_PKEY_set1_ED25519                   ?	3_0_0	EXIST::FUNCTION:EC
-EVP_PKEY_get0_ED25519                   ?	3_0_0	EXIST::FUNCTION:EC
-EVP_PKEY_get1_ED25519                   ?	3_0_0	EXIST::FUNCTION:EC
-EVP_PKEY_set1_ED448                     ?	3_0_0	EXIST::FUNCTION:EC
-EVP_PKEY_get0_ED448                     ?	3_0_0	EXIST::FUNCTION:EC
-EVP_PKEY_get1_ED448                     ?	3_0_0	EXIST::FUNCTION:EC
 OSSL_DECODER_CTX_set_construct          ?	3_0_0	EXIST::FUNCTION:
 OSSL_DECODER_CTX_set_construct_data     ?	3_0_0	EXIST::FUNCTION:
 OSSL_DECODER_CTX_set_cleanup            ?	3_0_0	EXIST::FUNCTION:
diff --git a/util/other.syms b/util/other.syms
index 6c7ec4c9ca..395b475159 100644
--- a/util/other.syms
+++ b/util/other.syms
@@ -304,10 +304,6 @@ EVP_PKEY_CTX_set_tls1_prf_md            define
 EVP_PKEY_assign_DH                      define
 EVP_PKEY_assign_DSA                     define
 EVP_PKEY_assign_EC_KEY                  define
-EVP_PKEY_assign_ED25519                 define
-EVP_PKEY_assign_ED448                   define
-EVP_PKEY_assign_X25519                  define
-EVP_PKEY_assign_X448                    define
 EVP_PKEY_assign_POLY1305                define
 EVP_PKEY_assign_RSA                     define
 EVP_PKEY_assign_SIPHASH                 define

