[openssl-dev] [PATCH] Export ASN1 templates for DH and ECDH groups

Matt Caswell matt at openssl.org
Tue Jan 27 23:52:01 UTC 2015


Please submit patches to rt at openssl.org.

Matt

On 27/01/15 16:15, Dr. Matthias St. Pierre wrote:
> From: "Dr. Matthias St. Pierre" <msp at ncp-e.com>
> 
> Add missing forward declarations and export declarations for DHparams
> and EC[PK]PARAMETERS.
> 
> Add public functions to convert between EC_GROUP objects and EC[PK]PARAMETERS
> objects: EC_GROUP_new_from_ec[pk]parameters(), EC_GROUP_get_ec[pk]parameters().
> 
> Signed-off-by: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
> ---
>  crypto/ec/ec.h      | 38 ++++++++++++++++++++++++++++++++++++++
>  crypto/ec/ec_asn1.c | 30 ++++++++++++++++++++++++++----
>  util/libeay.num     | 10 ++++++++++
>  3 files changed, 74 insertions(+), 4 deletions(-)
> 
> This patch makes the ASN1 templates used internally by OpenSSL for
> serializing DH and ECDH group parameters publicly available for reuse.
> 
> For example, if one wants to save a set of [EC]DH Groups together with
> application defined data (e.g, group-name, group-id) to a file, it
> is much easier to define a small set of ASN1 rules extending the existing
> ones and let OpenSSL do the serialization, than fiddling around with
> i2d_DHparams, i2d_ECParameters, etc. to embed the curve data as an 
> opaque blob into an OCTET_STREAM.
> 
> The patch was created against the OpenSSL_1_0_2-stable branch. If possible,
> it would be nice if it could be merged into the next 1.0.2 release.
> 
> diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h
> index 98edfdf..97ccee8 100644
> --- a/crypto/ec/ec.h
> +++ b/crypto/ec/ec.h
> @@ -128,6 +128,9 @@ typedef struct ec_group_st
>  
>  typedef struct ec_point_st EC_POINT;
>  
> +typedef struct ecpk_parameters_st ECPKPARAMETERS;
> +typedef struct ec_parameters_st ECPARAMETERS;
> +
>  /********************************************************************/
>  /*               EC_METHODs for curves over GF(p)                   */
>  /********************************************************************/
> @@ -393,6 +396,38 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
>   */
>  EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
>  
> +/** Creates a new EC_GROUP object from an ECPARAMETERS object
> + *  \param  params  pointer to the ECPARAMETERS object
> + *  \return newly created EC_GROUP object with specified curve or NULL
> + *          if an error occurred
> + */
> +EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params);
> +
> +/** Creates an ECPARAMETERS object for the the given EC_GROUP object.
> + *  \param  group   pointer to the EC_GROUP object
> + *  \param  params  pointer to an existing ECPARAMETERS object or NULL
> + *  \return pointer to the new ECPARAMETERS object or NULL
> + *          if an error occurred.
> + */
> +ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
> +                                        ECPARAMETERS *params);
> +
> +/** Creates a new EC_GROUP object from an ECPKPARAMETERS object
> + *  \param  params  pointer to an existing ECPKPARAMETERS object, or NULL
> + *  \return newly created EC_GROUP object with specified curve, or NULL
> + *          if an error occurred
> + */
> +EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params);
> +
> +/** Creates an ECPKPARAMETERS object for the the given EC_GROUP object.
> + *  \param  group   pointer to the EC_GROUP object
> + *  \param  params  pointer to an existing ECPKPARAMETERS object or NULL
> + *  \return pointer to the new ECPKPARAMETERS object or NULL
> + *          if an error occurred.
> + */
> +ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
> +                                            ECPKPARAMETERS *params);
> +
>  /********************************************************************/
>  /*               handling of internal curves                        */
>  /********************************************************************/
> @@ -702,6 +737,9 @@ int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
>  /*                       ASN1 stuff                                 */
>  /********************************************************************/
>  
> +DECLARE_ASN1_ITEM(ECPKPARAMETERS)
> +DECLARE_ASN1_ITEM(ECPARAMETERS)
> +
>  /*
>   * EC_GROUP_get_basis_type() returns the NID of the basis type used to
>   * represent the field elements
> diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
> index 2924374..d84c6d2 100644
> --- a/crypto/ec/ec_asn1.c
> +++ b/crypto/ec/ec_asn1.c
> @@ -306,6 +306,28 @@ static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *);
>  static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *,
>                                                    ECPKPARAMETERS *);
>  
> +EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
> +{
> +    return ec_asn1_parameters2group(params);
> +}
> +
> +ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
> +                                        ECPARAMETERS *params)
> +{
> +    return ec_asn1_group2parameters(group, params);
> +}
> +
> +EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params)
> +{
> +    return ec_asn1_pkparameters2group(params);
> +}
> +
> +ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
> +                                            ECPKPARAMETERS *params)
> +{
> +    return ec_asn1_group2pkparameters(group, params);
> +}
> +
>  /* the function definitions */
>  
>  static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
> @@ -540,7 +562,7 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
>  }
>  
>  static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group,
> -                                              ECPARAMETERS *param)
> +                                              ECPARAMETERS *params)
>  {
>      int ok = 0;
>      size_t len = 0;
> @@ -555,13 +577,13 @@ static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group,
>          goto err;
>      }
>  
> -    if (param == NULL) {
> +    if (params == NULL) {
>          if ((ret = ECPARAMETERS_new()) == NULL) {
>              ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
>              goto err;
>          }
>      } else
> -        ret = param;
> +        ret = params;
>  
>      /* set the version (always one) */
>      ret->version = (long)0x1;
> @@ -631,7 +653,7 @@ static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group,
>      ok = 1;
>  
>   err:if (!ok) {
> -        if (ret && !param)
> +        if (ret && !params)
>              ECPARAMETERS_free(ret);
>          ret = NULL;
>      }
> diff --git a/util/libeay.num b/util/libeay.num
> index 4a11d78..bf0adc5 100755
> --- a/util/libeay.num
> +++ b/util/libeay.num
> @@ -4412,3 +4412,13 @@ ECDSA_METHOD_get_app_data               4770	EXIST::FUNCTION:ECDSA
>  X509_VERIFY_PARAM_add1_host             4771	EXIST::FUNCTION:
>  EC_GROUP_get_mont_data                  4772	EXIST::FUNCTION:EC
>  i2d_re_X509_tbs                         4773	EXIST::FUNCTION:
> +DHparams_it                             4774	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DH
> +DHparams_it                             4774	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DH
> +ECPARAMETERS_it                         4775	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:EC
> +ECPARAMETERS_it                         4775	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:EC
> +ECPKPARAMETERS_it                       4776	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:EC
> +ECPKPARAMETERS_it                       4776	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:EC
> +EC_GROUP_new_from_ecparameters          4777	EXIST::FUNCTION:EC
> +EC_GROUP_get_ecparameters               4778	EXIST::FUNCTION:EC
> +EC_GROUP_new_from_ecpkparameters        4779	EXIST::FUNCTION:EC
> +EC_GROUP_get_ecpkparameters             4780	EXIST::FUNCTION:EC
> 


More information about the openssl-dev mailing list