diff options
| author | Richard Levitte <levitte@openssl.org> | 2020-11-26 11:58:56 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2020-11-27 15:30:51 +0100 |
| commit | 888bdbfd398c967daaa00cf6b3d104f0e3d26865 (patch) | |
| tree | dd06561974c9daca851a53db77209f34a9c14147 /crypto/dsa | |
| parent | a614af95531dd9f168aa4b71bd1195b4fdfe1794 (diff) | |
| download | openssl-new-888bdbfd398c967daaa00cf6b3d104f0e3d26865.tar.gz | |
EVP_PKEY & DSA: Make DSA EVP_PKEY_CTX parameter ctrls / setters more available
EVP_PKEY_CTX_set_dsa_ functions were only available when DSA was
enabled ('no-dsa' not configured). However, that makes it impossible
to use these functions with an engine or a provider that happens to
implement DSA. This change solves that problem by shuffling these
functions to more appropriate places.
Fixes #13529
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13530)
Diffstat (limited to 'crypto/dsa')
| -rw-r--r-- | crypto/dsa/dsa_lib.c | 144 |
1 files changed, 0 insertions, 144 deletions
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 2c3569a2c3..983a463ff5 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -19,9 +19,7 @@ #include <openssl/bn.h> #include <openssl/asn1.h> #include <openssl/engine.h> -#include <openssl/core_names.h> #include "dsa_local.h" -#include "crypto/evp.h" #include "crypto/dsa.h" #include "crypto/dh.h" /* required by DSA_dup_DH() */ @@ -361,145 +359,3 @@ int dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[]) dsa->dirty_cnt++; return ret; } - -static int dsa_paramgen_check(EVP_PKEY_CTX *ctx) -{ - if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - /* If key type not DSA return error */ - if (ctx->pmeth != NULL && ctx->pmeth->pkey_id != EVP_PKEY_DSA) - return -1; - return 1; -} - -int EVP_PKEY_CTX_set_dsa_paramgen_type(EVP_PKEY_CTX *ctx, const char *name) -{ - int ret; - OSSL_PARAM params[2], *p = params; - - if ((ret = dsa_paramgen_check(ctx)) <= 0) - return ret; - - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, - (char *)name, 0); - *p++ = OSSL_PARAM_construct_end(); - - return EVP_PKEY_CTX_set_params(ctx, params); -} - -int EVP_PKEY_CTX_set_dsa_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex) -{ - int ret; - OSSL_PARAM params[2], *p = params; - - if ((ret = dsa_paramgen_check(ctx)) <= 0) - return ret; - - *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GINDEX, &gindex); - *p++ = OSSL_PARAM_construct_end(); - - return EVP_PKEY_CTX_set_params(ctx, params); -} - -int EVP_PKEY_CTX_set_dsa_paramgen_seed(EVP_PKEY_CTX *ctx, - const unsigned char *seed, - size_t seedlen) -{ - int ret; - OSSL_PARAM params[2], *p = params; - - if ((ret = dsa_paramgen_check(ctx)) <= 0) - return ret; - - *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_FFC_SEED, - (void *)seed, seedlen); - *p++ = OSSL_PARAM_construct_end(); - - return EVP_PKEY_CTX_set_params(ctx, params); -} - -int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits) -{ - int ret; - OSSL_PARAM params[2], *p = params; - size_t bits = nbits; - - if ((ret = dsa_paramgen_check(ctx)) <= 0) - return ret; - -#if !defined(FIPS_MODULE) - /* TODO(3.0): Remove this eventually when no more legacy */ - if (ctx->op.keymgmt.genctx == NULL) - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL); -#endif - - *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_PBITS, &bits); - *p++ = OSSL_PARAM_construct_end(); - - return EVP_PKEY_CTX_set_params(ctx, params); -} - -int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits) -{ - int ret; - OSSL_PARAM params[2], *p = params; - size_t bits2 = qbits; - - if ((ret = dsa_paramgen_check(ctx)) <= 0) - return ret; - -#if !defined(FIPS_MODULE) - /* TODO(3.0): Remove this eventually when no more legacy */ - if (ctx->op.keymgmt.genctx == NULL) - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL); -#endif - - *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_QBITS, &bits2); - *p++ = OSSL_PARAM_construct_end(); - - return EVP_PKEY_CTX_set_params(ctx, params); -} - -int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx, - const char *md_name, - const char *md_properties) -{ - int ret; - OSSL_PARAM params[3], *p = params; - - if ((ret = dsa_paramgen_check(ctx)) <= 0) - return ret; - -#if !defined(FIPS_MODULE) - /* TODO(3.0): Remove this eventually when no more legacy */ - if (ctx->op.keymgmt.genctx == NULL) { - const EVP_MD *md = EVP_get_digestbyname(md_name); - - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md)); - } -#endif - - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST, - (char *)md_name, 0); - if (md_properties != NULL) - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, - (char *)md_properties, 0); - *p++ = OSSL_PARAM_construct_end(); - - return EVP_PKEY_CTX_set_params(ctx, params); -} - -#if !defined(FIPS_MODULE) -int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) -{ - const char *md_name = (md == NULL) ? "" : EVP_MD_name(md); - - return EVP_PKEY_CTX_set_dsa_paramgen_md_props(ctx, md_name, NULL); -} -#endif |