diff options
author | Richard Levitte <levitte@openssl.org> | 2019-10-14 10:10:58 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2019-10-17 13:01:14 +0200 |
commit | 14e3e00fe2c20a8594e3e20545d9f001fd7fa850 (patch) | |
tree | 79ee5be64742ff528afa3ba7c561792dea1a1d03 /crypto/dh | |
parent | 02f060d17e667a2805eb0c71266c35de9e7e3864 (diff) | |
download | openssl-14e3e00fe2c20a8594e3e20545d9f001fd7fa850.zip openssl-14e3e00fe2c20a8594e3e20545d9f001fd7fa850.tar.gz openssl-14e3e00fe2c20a8594e3e20545d9f001fd7fa850.tar.bz2 |
DH: Add export of domain parameters to provider
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10169)
Diffstat (limited to 'crypto/dh')
-rw-r--r-- | crypto/dh/dh_ameth.c | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index a699afa..abb9bfd 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -548,7 +548,8 @@ static size_t dh_pkey_dirty_cnt(const EVP_PKEY *pkey) return pkey->pkey.dh->dirty_cnt; } -static void *dh_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) +static void *dh_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, + int want_domainparams) { DH *dh = pk->pkey.dh; OSSL_PARAM_BLD tmpl; @@ -556,7 +557,7 @@ static void *dh_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) const BIGNUM *pub_key = DH_get0_pub_key(dh); const BIGNUM *priv_key = DH_get0_priv_key(dh); OSSL_PARAM *params; - void *provkey = NULL; + void *provdata = NULL; if (p == NULL || g == NULL) return NULL; @@ -565,19 +566,15 @@ static void *dh_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_P, p) || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_G, g)) return NULL; - if (q != NULL) { if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_Q, q)) return NULL; } - /* - * This may be used to pass domain parameters only without any key data - - * so "pub_key" is optional. We can never have a "priv_key" without a - * corresponding "pub_key" though. - */ - if (pub_key != NULL) { - if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_key)) + if (!want_domainparams) { + /* A key must at least have a public part. */ + if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_PUB_KEY, + pub_key)) return NULL; if (priv_key != NULL) { @@ -590,10 +587,12 @@ static void *dh_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) params = ossl_param_bld_to_param(&tmpl); /* We export, the provider imports */ - provkey = evp_keymgmt_importkey(keymgmt, params); + provdata = want_domainparams + ? evp_keymgmt_importdomparams(keymgmt, params) + : evp_keymgmt_importkey(keymgmt, params); ossl_param_bld_free(params); - return provkey; + return provdata; } const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { |