[openssl] master update

shane.lontis at oracle.com shane.lontis at oracle.com
Mon Feb 8 06:39:04 UTC 2021


The branch master has been updated
       via  2db985b7b1e20ac670d196981aa7e8f31881d2eb (commit)
      from  64954e2f34b8839ca7ad1e9576a6efaf3e49e17c (commit)


- Log -----------------------------------------------------------------
commit 2db985b7b1e20ac670d196981aa7e8f31881d2eb
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Fri Feb 5 13:55:50 2021 +1000

    Simplify the EVP_PKEY_XXX_fromdata_XX methods.
    
    The existing names such as EVP_PKEY_param_fromdata_settable were a bit
    confusing since the 'param' referred to key params not OSSL_PARAM. To simplify
    the interface a 'selection' parameter will be passed instead. The
    changes are:
    
    (1) EVP_PKEY_fromdata_init() replaces both EVP_PKEY_key_fromdata_init() and EVP_PKEY_param_fromdata_init().
    (2) EVP_PKEY_fromdata() has an additional selection parameter.
    (3) EVP_PKEY_fromdata_settable() replaces EVP_PKEY_key_fromdata_settable() and EVP_PKEY_param_fromdata_settable().
        EVP_PKEY_fromdata_settable() also uses a selection parameter.
    
    Fixes #12989
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14076)

-----------------------------------------------------------------------

Summary of changes:
 apps/dhparam.c                     |  4 +-
 crypto/evp/p_lib.c                 |  8 ++--
 crypto/evp/pmeth_gn.c              | 46 ++++----------------
 doc/man3/EVP_PKEY_fromdata.pod     | 88 +++++++++++++++++++++++---------------
 include/openssl/evp.h              | 35 +++++++--------
 providers/fips/self_test_kats.c    | 16 +++----
 ssl/statem/statem_clnt.c           |  4 +-
 ssl/t1_lib.c                       |  5 ++-
 test/acvp_test.c                   | 18 ++++----
 test/ectest.c                      | 13 +++---
 test/evp_extra_test.c              | 15 ++++---
 test/evp_pkey_provided_test.c      | 35 +++++++++------
 test/helpers/predefined_dhparams.c |  5 ++-
 test/sslapitest.c                  |  5 ++-
 util/libcrypto.num                 |  6 +--
 15 files changed, 153 insertions(+), 150 deletions(-)

diff --git a/apps/dhparam.c b/apps/dhparam.c
index 8242a1f1d7..cfa399e459 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -387,8 +387,8 @@ static EVP_PKEY *dsa_to_dh(EVP_PKEY *dh)
 
     ctx = EVP_PKEY_CTX_new_from_name(NULL, "DHX", NULL);
     if (ctx == NULL
-            || !EVP_PKEY_param_fromdata_init(ctx)
-            || !EVP_PKEY_fromdata(ctx, &pkey, params)) {
+            || !EVP_PKEY_fromdata_init(ctx)
+            || !EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params)) {
         BIO_printf(bio_err, "Error, failed to set DH parameters\n");
         goto err;
     }
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index fc0e5be7de..fe53b62cdd 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -391,7 +391,7 @@ static EVP_PKEY *new_raw_key_int(OSSL_LIB_CTX *libctx,
             goto err;
         /* May fail if no provider available */
         ERR_set_mark();
-        if (EVP_PKEY_key_fromdata_init(ctx) == 1) {
+        if (EVP_PKEY_fromdata_init(ctx) == 1) {
             OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
             ERR_clear_last_mark();
@@ -400,7 +400,7 @@ static EVP_PKEY *new_raw_key_int(OSSL_LIB_CTX *libctx,
                                         : OSSL_PKEY_PARAM_PUB_KEY,
                             (void *)key, len);
 
-            if (EVP_PKEY_fromdata(ctx, &pkey, params) != 1) {
+            if (EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) != 1) {
                 ERR_raise(ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED);
                 goto err;
             }
@@ -610,7 +610,7 @@ static EVP_PKEY *new_cmac_key_int(const unsigned char *priv, size_t len,
     if (ctx == NULL)
         goto err;
 
-    if (!EVP_PKEY_key_fromdata_init(ctx)) {
+    if (!EVP_PKEY_fromdata_init(ctx)) {
         ERR_raise(ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED);
         goto err;
     }
@@ -629,7 +629,7 @@ static EVP_PKEY *new_cmac_key_int(const unsigned char *priv, size_t len,
 #  endif
     *p = OSSL_PARAM_construct_end();
 
-    if (!EVP_PKEY_fromdata(ctx, &pkey, params)) {
+    if (!EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params)) {
         ERR_raise(ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED);
         goto err;
     }
diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index beaa001bf5..bf35088a7d 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -345,22 +345,17 @@ static int fromdata_init(EVP_PKEY_CTX *ctx, int operation)
     return -2;
 }
 
-int EVP_PKEY_param_fromdata_init(EVP_PKEY_CTX *ctx)
+int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx)
 {
-    return fromdata_init(ctx, EVP_PKEY_OP_PARAMFROMDATA);
+    return fromdata_init(ctx, EVP_PKEY_OP_FROMDATA);
 }
 
-int EVP_PKEY_key_fromdata_init(EVP_PKEY_CTX *ctx)
-{
-    return fromdata_init(ctx, EVP_PKEY_OP_KEYFROMDATA);
-}
-
-int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, OSSL_PARAM params[])
+int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection,
+                      OSSL_PARAM params[])
 {
     void *keydata = NULL;
-    int selection;
 
-    if (ctx == NULL || (ctx->operation & EVP_PKEY_OP_TYPE_FROMDATA) == 0) {
+    if (ctx == NULL || (ctx->operation & EVP_PKEY_OP_FROMDATA) == 0) {
         ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
         return -2;
     }
@@ -376,40 +371,17 @@ int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, OSSL_PARAM params[])
         return -1;
     }
 
-    if (ctx->operation == EVP_PKEY_OP_PARAMFROMDATA)
-        selection = OSSL_KEYMGMT_SELECT_ALL_PARAMETERS;
-    else
-        selection = OSSL_KEYMGMT_SELECT_ALL;
-    keydata = evp_keymgmt_util_fromdata(*ppkey, ctx->keymgmt, selection,
-                                        params);
-
+    keydata = evp_keymgmt_util_fromdata(*ppkey, ctx->keymgmt, selection, params);
     if (keydata == NULL)
         return 0;
     /* keydata is cached in *ppkey, so we need not bother with it further */
     return 1;
 }
 
-/*
- * TODO(3.0) Re-evaluate the names, it's possible that we find these to be
- * better:
- *
- * EVP_PKEY_param_settable()
- * EVP_PKEY_param_gettable()
- */
-const OSSL_PARAM *EVP_PKEY_param_fromdata_settable(EVP_PKEY_CTX *ctx)
-{
-    /* We call fromdata_init to get ctx->keymgmt populated */
-    if (fromdata_init(ctx, EVP_PKEY_OP_UNDEFINED))
-        return evp_keymgmt_import_types(ctx->keymgmt,
-                                        OSSL_KEYMGMT_SELECT_ALL_PARAMETERS);
-    return NULL;
-}
-
-const OSSL_PARAM *EVP_PKEY_key_fromdata_settable(EVP_PKEY_CTX *ctx)
+const OSSL_PARAM *EVP_PKEY_fromdata_settable(EVP_PKEY_CTX *ctx, int selection)
 {
     /* We call fromdata_init to get ctx->keymgmt populated */
-    if (fromdata_init(ctx, EVP_PKEY_OP_UNDEFINED))
-        return evp_keymgmt_import_types(ctx->keymgmt,
-                                        OSSL_KEYMGMT_SELECT_ALL);
+    if (fromdata_init(ctx, EVP_PKEY_OP_UNDEFINED) == 1)
+        return evp_keymgmt_import_types(ctx->keymgmt, selection);
     return NULL;
 }
diff --git a/doc/man3/EVP_PKEY_fromdata.pod b/doc/man3/EVP_PKEY_fromdata.pod
index aaf545d648..40f39d7c68 100644
--- a/doc/man3/EVP_PKEY_fromdata.pod
+++ b/doc/man3/EVP_PKEY_fromdata.pod
@@ -2,19 +2,17 @@
 
 =head1 NAME
 
-EVP_PKEY_param_fromdata_init, EVP_PKEY_key_fromdata_init, EVP_PKEY_fromdata,
-EVP_PKEY_param_fromdata_settable, EVP_PKEY_key_fromdata_settable
-- functions to create key parameters and keys from user data
+EVP_PKEY_fromdata_init, EVP_PKEY_fromdata, EVP_PKEY_fromdata_settable
+- functions to create keys and key parameters from user data
 
 =head1 SYNOPSIS
 
  #include <openssl/evp.h>
 
- int EVP_PKEY_param_fromdata_init(EVP_PKEY_CTX *ctx);
- int EVP_PKEY_key_fromdata_init(EVP_PKEY_CTX *ctx);
- int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, OSSL_PARAM params[]);
- const OSSL_PARAM *EVP_PKEY_param_fromdata_settable(EVP_PKEY_CTX *ctx);
- const OSSL_PARAM *EVP_PKEY_key_fromdata_settable(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection,
+                       OSSL_PARAM params[]);
+ const OSSL_PARAM *EVP_PKEY_fromdata_settable(EVP_PKEY_CTX *ctx, int selection);
 
 =head1 DESCRIPTION
 
@@ -29,17 +27,15 @@ L<EVP_PKEY_CTX_new_id(3)>.
 The exact key data that the user can pass depends on the key type.
 These are passed as an L<OSSL_PARAM(3)> array.
 
-EVP_PKEY_param_fromdata_init() initializes a public key algorithm context
-for creating key parameters from user data.
+EVP_PKEY_fromdata_init() initializes a public key algorithm context
+for creating a key or key parameters from user data.
 
-EVP_PKEY_key_fromdata_init() initializes a public key algorithm context for
-creating a key from user data.
-
-EVP_PKEY_fromdata() creates the structure to store key parameters or a
-key, given data from I<params> and a context that's been initialized with
-EVP_PKEY_param_fromdata_init() or EVP_PKEY_key_fromdata_init().  The result is
-written to I<*ppkey>. The parameters that can be used for various types of key
-are as described by the diverse "Common parameters" sections of the
+EVP_PKEY_fromdata() creates the structure to store a key or key parameters,
+given data from I<params>, I<selection> and a context that's been initialized
+with EVP_PKEY_fromdata_init().  The result is written to I<*ppkey>.
+I<selection> is described in L</Selections>.
+The parameters that can be used for various types of key are as described by the
+diverse "Common parameters" sections of the
 L<B<EVP_PKEY-RSA>(7)|EVP_PKEY-RSA(7)/Common RSA parameters>,
 L<B<EVP_PKEY-DSA>(7)|EVP_PKEY-DSA(7)/Common DSA & DH parameters>,
 L<B<EVP_PKEY-DH>(7)|EVP_PKEY-DH(7)/Common DH parameters>,
@@ -52,24 +48,44 @@ and L<B<EVP_PKEY-ED25519>(7)|EVP_PKEY-ED25519(7)/Common X25519, X448, ED25519 an
 =for comment the awful list of links above is made this way so we get nice
 rendering as a man-page while still getting proper links in HTML
 
-EVP_PKEY_param_fromdata_settable() and EVP_PKEY_key_fromdata_settable()
-get a constant B<OSSL_PARAM> array that describes the settable parameters
-that can be used with EVP_PKEY_fromdata().
+EVP_PKEY_fromdata_settable() gets a constant B<OSSL_PARAM> array that describes
+the settable parameters that can be used with EVP_PKEY_fromdata().
+I<selection> is described in L</Selections>.
 See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter descriptor.
 
+=head2 Selections
+
+The following constants can be used for I<selection>:
+
+=over 4
+
+=item B<EVP_PKEY_KEY_PARAMETERS>
+
+Only key parameters will be selected.
+
+=item B<EVP_PKEY_PUBLIC_KEY>
+
+Only public key components will be selected. This includes optional key
+parameters.
+
+=item B<EVP_PKEY_KEYPAIR>
+
+Any keypair components will be selected. This includes the private key,
+public key and key parameters.
+
+=back
+
 =head1 NOTES
 
-These functions only work with key management methods coming from a
-provider.
+These functions only work with key management methods coming from a provider.
 
 =for comment We may choose to make this available for legacy methods too... 
 
 =head1 RETURN VALUES
 
-EVP_PKEY_key_fromdata_init(), EVP_PKEY_param_fromdata_init() and
-EVP_PKEY_fromdata() return 1 for success and 0 or a negative value for
-failure.  In particular a return value of -2 indicates the operation is
-not supported by the public key algorithm.
+EVP_PKEY_fromdata_init() and EVP_PKEY_fromdata() return 1 for success and 0 or
+a negative value for failure.  In particular a return value of -2 indicates the
+operation is not supported by the public key algorithm.
 
 =head1 EXAMPLES
 
@@ -110,8 +126,8 @@ TODO Write a set of cookbook documents and link to them.
      EVP_PKEY *pkey = NULL;
 
      if (ctx == NULL
-         || EVP_PKEY_key_fromdata_init(ctx) <= 0
-         || EVP_PKEY_fromdata(ctx, &pkey, params) <= 0)
+         || EVP_PKEY_fromdata_init(ctx) <= 0
+         || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
          exit(1);
 
      /* Do what you want with |pkey| */
@@ -173,8 +189,8 @@ TODO Write a set of cookbook documents and link to them.
      ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
      if (ctx == NULL
          || params != NULL
-         || EVP_PKEY_key_fromdata_init(ctx) <= 0
-         || EVP_PKEY_fromdata(ctx, &pkey, params) <= 0) {
+         || EVP_PKEY_fromdata_init(ctx) <= 0
+         || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) {
          exitcode = 1;
      } else {
          /* Do what you want with |pkey| */
@@ -199,8 +215,10 @@ TODO Write a set of cookbook documents and link to them.
      EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, argv[1], NULL);
      const *OSSL_PARAM *settable_params = NULL;
 
-     if (ctx == NULL
-         || (settable_params = EVP_PKEY_key_fromdata_settable(ctx)) == NULL)
+     if (ctx == NULL)
+        exit(1);
+    settable_params = EVP_PKEY_fromdata_settable(ctx, EVP_PKEY_KEYPAIR);
+    if (settable_params == NULL)
          exit(1);
 
      for (; settable_params->key != NULL; settable_params++) {
@@ -235,7 +253,7 @@ TODO Write a set of cookbook documents and link to them.
  }
 
 The descriptor L<OSSL_PARAM(3)> returned by
-EVP_PKEY_key_fromdata_settable() may also be used programmatically, for
+EVP_PKEY_fromdata_settable() may also be used programmatically, for
 example with L<OSSL_PARAM_allocate_from_text(3)>.
 
 =head1 SEE ALSO
@@ -252,7 +270,7 @@ These functions were added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 239b107833..5f9de9d8b9 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -21,6 +21,7 @@
 # include <openssl/opensslconf.h>
 # include <openssl/types.h>
 # include <openssl/core.h>
+# include <openssl/core_dispatch.h>
 # include <openssl/symhacks.h>
 # include <openssl/bio.h>
 # include <openssl/evperr.h>
@@ -1552,18 +1553,17 @@ const char *EVP_PKEY_get0_first_alg_name(const EVP_PKEY *key);
 # define EVP_PKEY_OP_UNDEFINED           0
 # define EVP_PKEY_OP_PARAMGEN            (1<<1)
 # define EVP_PKEY_OP_KEYGEN              (1<<2)
-# define EVP_PKEY_OP_PARAMFROMDATA       (1<<3)
-# define EVP_PKEY_OP_KEYFROMDATA         (1<<4)
-# define EVP_PKEY_OP_SIGN                (1<<5)
-# define EVP_PKEY_OP_VERIFY              (1<<6)
-# define EVP_PKEY_OP_VERIFYRECOVER       (1<<7)
-# define EVP_PKEY_OP_SIGNCTX             (1<<8)
-# define EVP_PKEY_OP_VERIFYCTX           (1<<9)
-# define EVP_PKEY_OP_ENCRYPT             (1<<10)
-# define EVP_PKEY_OP_DECRYPT             (1<<11)
-# define EVP_PKEY_OP_DERIVE              (1<<12)
-# define EVP_PKEY_OP_ENCAPSULATE         (1<<13)
-# define EVP_PKEY_OP_DECAPSULATE         (1<<14)
+# define EVP_PKEY_OP_FROMDATA            (1<<3)
+# define EVP_PKEY_OP_SIGN                (1<<4)
+# define EVP_PKEY_OP_VERIFY              (1<<5)
+# define EVP_PKEY_OP_VERIFYRECOVER       (1<<6)
+# define EVP_PKEY_OP_SIGNCTX             (1<<7)
+# define EVP_PKEY_OP_VERIFYCTX           (1<<8)
+# define EVP_PKEY_OP_ENCRYPT             (1<<9)
+# define EVP_PKEY_OP_DECRYPT             (1<<10)
+# define EVP_PKEY_OP_DERIVE              (1<<11)
+# define EVP_PKEY_OP_ENCAPSULATE         (1<<12)
+# define EVP_PKEY_OP_DECAPSULATE         (1<<13)
 
 # define EVP_PKEY_OP_TYPE_SIG    \
         (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \
@@ -1578,8 +1578,6 @@ const char *EVP_PKEY_get0_first_alg_name(const EVP_PKEY *key);
 # define EVP_PKEY_OP_TYPE_GEN \
         (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
 
-# define EVP_PKEY_OP_TYPE_FROMDATA \
-        (EVP_PKEY_OP_PARAMFROMDATA | EVP_PKEY_OP_KEYFROMDATA)
 
 int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, const unsigned char *key,
                              int keylen);
@@ -1790,11 +1788,10 @@ int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
 
 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
-int EVP_PKEY_param_fromdata_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_key_fromdata_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, OSSL_PARAM param[]);
-const OSSL_PARAM *EVP_PKEY_param_fromdata_settable(EVP_PKEY_CTX *ctx);
-const OSSL_PARAM *EVP_PKEY_key_fromdata_settable(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection,
+                      OSSL_PARAM param[]);
+const OSSL_PARAM *EVP_PKEY_fromdata_settable(EVP_PKEY_CTX *ctx, int selection);
 const OSSL_PARAM *EVP_PKEY_gettable_params(const EVP_PKEY *pkey);
 int EVP_PKEY_get_params(const EVP_PKEY *pkey, OSSL_PARAM params[]);
 int EVP_PKEY_get_int_param(const EVP_PKEY *pkey, const char *key_name,
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index d4102f25bd..c408339298 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
@@ -392,11 +392,11 @@ static int self_test_ka(const ST_KAT_KAS *t,
     kactx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
     if (kactx == NULL)
         goto err;
-    if (EVP_PKEY_key_fromdata_init(kactx) <= 0
-        || EVP_PKEY_fromdata(kactx, &pkey, params) <= 0)
+    if (EVP_PKEY_fromdata_init(kactx) <= 0
+        || EVP_PKEY_fromdata(kactx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
         goto err;
-    if (EVP_PKEY_key_fromdata_init(kactx) <= 0
-        || EVP_PKEY_fromdata(kactx, &peerkey, params_peer) <= 0)
+    if (EVP_PKEY_fromdata_init(kactx) <= 0
+        || EVP_PKEY_fromdata(kactx, &peerkey, EVP_PKEY_KEYPAIR, params_peer) <= 0)
         goto err;
 
     /* Create a EVP_PKEY_CTX to perform key derivation */
@@ -464,8 +464,8 @@ static int self_test_sign(const ST_KAT_SIGN *t,
     kctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
     if (kctx == NULL || params == NULL)
         goto err;
-    if (EVP_PKEY_key_fromdata_init(kctx) <= 0
-        || EVP_PKEY_fromdata(kctx, &pkey, params) <= 0)
+    if (EVP_PKEY_fromdata_init(kctx) <= 0
+        || EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
         goto err;
 
     /* Create a EVP_PKEY_CTX to use for the signing operation */
@@ -546,8 +546,8 @@ static int self_test_asym_cipher(const ST_KAT_ASYM_CIPHER *t, OSSL_SELF_TEST *st
     keyctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, NULL);
     if (keyctx == NULL || keyparams == NULL)
         goto err;
-    if (EVP_PKEY_key_fromdata_init(keyctx) <= 0
-        || EVP_PKEY_fromdata(keyctx, &key, keyparams) <= 0)
+    if (EVP_PKEY_fromdata_init(keyctx) <= 0
+        || EVP_PKEY_fromdata(keyctx, &key, EVP_PKEY_KEYPAIR, keyparams) <= 0)
         goto err;
 
     /* Create a EVP_PKEY_CTX to use for the encrypt or decrypt operation */
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index cff522604f..1e9ab00976 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2063,8 +2063,8 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
         goto err;
     }
-    if (EVP_PKEY_key_fromdata_init(pctx) <= 0
-            || EVP_PKEY_fromdata(pctx, &peer_tmp, params) <= 0) {
+    if (EVP_PKEY_fromdata_init(pctx) <= 0
+            || EVP_PKEY_fromdata(pctx, &peer_tmp, EVP_PKEY_KEYPAIR, params) <= 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_DH_VALUE);
         goto err;
     }
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index a7b5a6cc3f..684e8494fc 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2901,7 +2901,7 @@ EVP_PKEY *ssl_get_auto_dh(SSL *s)
 
     pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, "DH", s->ctx->propq);
     if (pctx == NULL
-            || EVP_PKEY_key_fromdata_init(pctx) != 1)
+            || EVP_PKEY_fromdata_init(pctx) != 1)
         goto err;
 
     tmpl = OSSL_PARAM_BLD_new();
@@ -2911,7 +2911,8 @@ EVP_PKEY *ssl_get_auto_dh(SSL *s)
         goto err;
 
     params = OSSL_PARAM_BLD_to_param(tmpl);
-    if (params == NULL || EVP_PKEY_fromdata(pctx, &dhp, params) != 1)
+    if (params == NULL
+            || EVP_PKEY_fromdata(pctx, &dhp, EVP_PKEY_KEY_PARAMETERS, params) != 1)
         goto err;
 
 err:
diff --git a/test/acvp_test.c b/test/acvp_test.c
index 3d4214c784..2dc01aeeae 100644
--- a/test/acvp_test.c
+++ b/test/acvp_test.c
@@ -169,8 +169,9 @@ static int ecdsa_create_pkey(EVP_PKEY **pkey, const char *curve_name,
                                                        pub, pub_len) > 0)
         || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
         || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
-        || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
-        || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, params), expected))
+        || !TEST_true(EVP_PKEY_fromdata_init(ctx))
+        || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
+                                          params), expected))
     goto err;
 
     ret = 1;
@@ -510,8 +511,8 @@ static int dsa_create_pkey(EVP_PKEY **pkey,
      }
      if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
          || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
-         || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
-         || !TEST_true(EVP_PKEY_fromdata(ctx, pkey, params)))
+         || !TEST_true(EVP_PKEY_fromdata_init(ctx))
+         || !TEST_true(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY, params)))
          goto err;
 
     ret = 1;
@@ -930,8 +931,9 @@ static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name,
 
     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
         || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
-        || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
-        || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, params), pass))
+        || !TEST_true(EVP_PKEY_fromdata_init(ctx))
+        || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params),
+                        pass))
     goto err;
 
     ret = 1;
@@ -1053,8 +1055,8 @@ static int rsa_create_pkey(EVP_PKEY **pkey,
     }
     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
         || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
-        || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
-        || !TEST_true(EVP_PKEY_fromdata(ctx, pkey, params)))
+        || !TEST_true(EVP_PKEY_fromdata_init(ctx))
+        || !TEST_true(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params)))
         goto err;
 
     ret = 1;
diff --git a/test/ectest.c b/test/ectest.c
index e00e7c2b3a..6d08d0481f 100644
--- a/test/ectest.c
+++ b/test/ectest.c
@@ -2409,8 +2409,9 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
 
     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
         || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL))
-        || !TEST_int_gt(EVP_PKEY_param_fromdata_init(pctx), 0)
-        || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkeyparam, params), 0))
+        || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
+        || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkeyparam,
+                                          EVP_PKEY_KEY_PARAMETERS, params), 0))
         goto err;
 
     /*- Check that all the set values are retrievable -*/
@@ -2869,9 +2870,11 @@ static int custom_params_test(int id)
     /* create two new provider-native `EVP_PKEY`s */
     EVP_PKEY_CTX_free(pctx2);
     if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL))
-            || !TEST_true(EVP_PKEY_key_fromdata_init(pctx2))
-            || !TEST_true(EVP_PKEY_fromdata(pctx2, &pkey1, params1))
-            || !TEST_true(EVP_PKEY_fromdata(pctx2, &pkey2, params2)))
+            || !TEST_true(EVP_PKEY_fromdata_init(pctx2))
+            || !TEST_true(EVP_PKEY_fromdata(pctx2, &pkey1, EVP_PKEY_KEYPAIR,
+                                            params1))
+            || !TEST_true(EVP_PKEY_fromdata(pctx2, &pkey2, EVP_PKEY_PUBLIC_KEY,
+                                            params2)))
         goto err;
 
     /* compute keyexchange once more using the provider keys */
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 223a8db6f1..b3f2ec689b 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -496,8 +496,9 @@ static int test_fromdata(char *keytype, OSSL_PARAM *params)
 
     if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, NULL)))
         goto err;
-    if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
-        || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
+    if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
+        || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
+                                          params), 0))
         goto err;
 
     if (!TEST_ptr(pkey))
@@ -1954,8 +1955,9 @@ static int test_DSA_get_set_params(void)
     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
         goto err;
 
-    if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
-        || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
+    if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
+        || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
+                                          params), 0))
         goto err;
 
     if (!TEST_ptr(pkey))
@@ -2014,8 +2016,9 @@ static int test_RSA_get_set_params(void)
     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
         goto err;
 
-    if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
-        || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
+    if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
+        || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
+                                          params), 0))
         goto err;
 
     if (!TEST_ptr(pkey))
diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c
index bfc9cd2ebc..85ae542b7c 100644
--- a/test/evp_pkey_provided_test.c
+++ b/test/evp_pkey_provided_test.c
@@ -339,8 +339,9 @@ static int test_fromdata_rsa(void)
     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL)))
         goto err;
 
-    if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
-        || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params))
+    if (!TEST_true(EVP_PKEY_fromdata_init(ctx))
+        || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
+                                        fromdata_params))
         || !TEST_int_eq(EVP_PKEY_bits(pk), 32)
         || !TEST_int_eq(EVP_PKEY_security_bits(pk), 8)
         || !TEST_int_eq(EVP_PKEY_size(pk), 4))
@@ -411,8 +412,9 @@ static int test_evp_pkey_get_bn_param_large(void)
         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
         || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld))
         || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL))
-        || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
-        || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params))
+        || !TEST_true(EVP_PKEY_fromdata_init(ctx))
+        || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
+                                        fromdata_params))
         || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, ""))
         || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_RSA_N, &n_out))
         || !TEST_BN_eq(n, n_out))
@@ -501,8 +503,9 @@ static int test_fromdata_dh_named_group(void)
     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
         goto err;
 
-    if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
-        || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params))
+    if (!TEST_true(EVP_PKEY_fromdata_init(ctx))
+        || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
+                                        fromdata_params))
         || !TEST_int_eq(EVP_PKEY_bits(pk), 2048)
         || !TEST_int_eq(EVP_PKEY_security_bits(pk), 112)
         || !TEST_int_eq(EVP_PKEY_size(pk), 256))
@@ -645,8 +648,9 @@ static int test_fromdata_dh_fips186_4(void)
     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
         goto err;
 
-    if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
-        || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params))
+    if (!TEST_true(EVP_PKEY_fromdata_init(ctx))
+        || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
+                                        fromdata_params))
         || !TEST_int_eq(EVP_PKEY_bits(pk), 2048)
         || !TEST_int_eq(EVP_PKEY_security_bits(pk), 112)
         || !TEST_int_eq(EVP_PKEY_size(pk), 256))
@@ -916,8 +920,9 @@ static int test_fromdata_ecx(int tst)
         fromdata_params = params;
     }
 
-    if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
-        || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params))
+    if (!TEST_true(EVP_PKEY_fromdata_init(ctx))
+        || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
+                                        fromdata_params))
         || !TEST_int_eq(EVP_PKEY_bits(pk), bits)
         || !TEST_int_eq(EVP_PKEY_security_bits(pk), security_bits)
         || !TEST_int_eq(EVP_PKEY_size(pk), size))
@@ -1028,8 +1033,9 @@ static int test_fromdata_ec(void)
     if (!TEST_ptr(ctx))
         goto err;
 
-    if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
-        || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params))
+    if (!TEST_true(EVP_PKEY_fromdata_init(ctx))
+        || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
+                                        fromdata_params))
         || !TEST_int_eq(EVP_PKEY_bits(pk), 256)
         || !TEST_int_eq(EVP_PKEY_security_bits(pk), 128)
         || !TEST_int_eq(EVP_PKEY_size(pk), 2 + 35 * 2))
@@ -1286,8 +1292,9 @@ static int test_fromdata_dsa_fips186_4(void)
     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)))
         goto err;
 
-    if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
-        || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params))
+    if (!TEST_true(EVP_PKEY_fromdata_init(ctx))
+        || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
+                                        fromdata_params))
         || !TEST_int_eq(EVP_PKEY_bits(pk), 2048)
         || !TEST_int_eq(EVP_PKEY_security_bits(pk), 112)
         || !TEST_int_eq(EVP_PKEY_size(pk), 2 + 2 * (3 + sizeof(q_data))))
diff --git a/test/helpers/predefined_dhparams.c b/test/helpers/predefined_dhparams.c
index 18fb096216..1a19470081 100644
--- a/test/helpers/predefined_dhparams.c
+++ b/test/helpers/predefined_dhparams.c
@@ -23,7 +23,7 @@ static EVP_PKEY *get_dh_from_pg_bn(OSSL_LIB_CTX *libctx, const char *type,
     OSSL_PARAM *params = NULL;
     EVP_PKEY *dhpkey = NULL;
 
-    if (pctx == NULL || !EVP_PKEY_key_fromdata_init(pctx))
+    if (pctx == NULL || !EVP_PKEY_fromdata_init(pctx))
         goto err;
 
     if ((tmpl = OSSL_PARAM_BLD_new()) == NULL
@@ -34,7 +34,8 @@ static EVP_PKEY *get_dh_from_pg_bn(OSSL_LIB_CTX *libctx, const char *type,
         goto err;
 
     params = OSSL_PARAM_BLD_to_param(tmpl);
-    if (params == NULL || !EVP_PKEY_fromdata(pctx, &dhpkey, params))
+    if (params == NULL
+        || !EVP_PKEY_fromdata(pctx, &dhpkey, EVP_PKEY_KEY_PARAMETERS, params))
         goto err;
 
  err:
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 7cae297a17..6f30a7efd1 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -8221,7 +8221,7 @@ static EVP_PKEY *get_tmp_dh_params(void)
 
         pctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL);
         if (!TEST_ptr(pctx)
-                || !TEST_true(EVP_PKEY_key_fromdata_init(pctx)))
+                || !TEST_true(EVP_PKEY_fromdata_init(pctx)))
             goto end;
 
         tmpl = OSSL_PARAM_BLD_new();
@@ -8236,7 +8236,8 @@ static EVP_PKEY *get_tmp_dh_params(void)
 
         params = OSSL_PARAM_BLD_to_param(tmpl);
         if (!TEST_ptr(params)
-                || !TEST_true(EVP_PKEY_fromdata(pctx, &dhpkey, params)))
+                || !TEST_true(EVP_PKEY_fromdata(pctx, &dhpkey,
+                                                EVP_PKEY_KEY_PARAMETERS, params)))
             goto end;
 
         tmp_dh_params = dhpkey;
diff --git a/util/libcrypto.num b/util/libcrypto.num
index c591ab8ec5..f72749f062 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4798,11 +4798,7 @@ X509_add_certs                          ?	3_0_0	EXIST::FUNCTION:
 X509_STORE_load_file                    ?	3_0_0	EXIST::FUNCTION:
 X509_STORE_load_path                    ?	3_0_0	EXIST::FUNCTION:
 X509_STORE_load_store                   ?	3_0_0	EXIST::FUNCTION:
-EVP_PKEY_param_fromdata_init            ?	3_0_0	EXIST::FUNCTION:
-EVP_PKEY_key_fromdata_init              ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_fromdata                       ?	3_0_0	EXIST::FUNCTION:
-EVP_PKEY_param_fromdata_settable        ?	3_0_0	EXIST::FUNCTION:
-EVP_PKEY_key_fromdata_settable          ?	3_0_0	EXIST::FUNCTION:
 EVP_ASYM_CIPHER_free                    ?	3_0_0	EXIST::FUNCTION:
 EVP_ASYM_CIPHER_up_ref                  ?	3_0_0	EXIST::FUNCTION:
 EVP_ASYM_CIPHER_provider                ?	3_0_0	EXIST::FUNCTION:
@@ -5300,3 +5296,5 @@ EVP_PKEY_set_octet_string_param         ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_get_ec_point_conv_form         ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_get_field_type                 ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_get_params                     ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_fromdata_init                  ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_fromdata_settable              ?	3_0_0	EXIST::FUNCTION:


More information about the openssl-commits mailing list