authorShane Lontis <shane.lontis@oracle.com>2020-05-26 13:53:07 +1000
committerShane Lontis <shane.lontis@oracle.com>2020-05-26 13:53:07 +1000
commitb8086652650c0782bc8d63b620663e04a3c6a3a7 (patch)
tree831362a2004a3b79808f04eb4e387b7e649177ab /crypto
parentf32af93c924dca25728d8e7b85b8e4b660154e12 (diff)
Update core_names.h fields and document most fields.
Renamed some values in core_names, i.e. some DH specific names were changed to use DH instead of FFC. Added some string values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/dh/dh_lib.c6
-rw-r--r--crypto/ec/ec_backend.c15
-rw-r--r--crypto/evp/pmeth_lib.c6
-rw-r--r--crypto/ffc/ffc_backend.c2
-rw-r--r--crypto/ffc/ffc_params.c2
-rw-r--r--crypto/provider_core.c16
6 files changed, 26 insertions, 21 deletions
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index c3585f2..3a523c3 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -475,7 +475,7 @@ int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen)
EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL);
#endif
- *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GENERATOR, &gen);
+ *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_DH_GENERATOR, &gen);
*p++ = OSSL_PARAM_construct_end();
return EVP_PKEY_CTX_set_params(ctx, params);
@@ -500,7 +500,7 @@ int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen)
if (name == NULL)
return 0;
- *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP,
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_DH_GROUP,
(void *)name, 0);
*p++ = OSSL_PARAM_construct_end();
return EVP_PKEY_CTX_set_params(ctx, params);
@@ -531,7 +531,7 @@ int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid)
if (name == NULL)
return 0;
- *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP,
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_DH_GROUP,
(void *)name, 0);
*p++ = OSSL_PARAM_construct_end();
return EVP_PKEY_CTX_set_params(ctx, params);
diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c
index 98dd0ec..fb6497b 100644
--- a/crypto/ec/ec_backend.c
+++ b/crypto/ec/ec_backend.c
@@ -19,15 +19,10 @@
* implementations alike.
*/
-int ec_set_param_ecdh_cofactor_mode(EC_KEY *ec, const OSSL_PARAM *p)
+int ec_set_ecdh_cofactor_mode(EC_KEY *ec, int mode)
{
const EC_GROUP *ecg = EC_KEY_get0_group(ec);
const BIGNUM *cofactor;
- int mode;
-
- if (!OSSL_PARAM_get_int(p, &mode))
- return 0;
-
/*
* mode can be only 0 for disable, or 1 for enable here.
*
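Review bot: ec_set_ecdh_cofactor_mode now takes a plain `int mode`, but the only statement of the accepted values is the comment inside the body that begins at the end of this hunk. Because the function is no longer tied to an OSSL_PARAM and can be called from other setters, a header comment above the definition would help, e.g. `/* mode: 0 disables, 1 enables cofactor ECDH; returns 1 on success, 0 on failure */`. The body continues outside the hunk, so the range check itself is not visible here and the wording should be confirmed against it.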
@@ -224,8 +219,12 @@ int ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
return 0;
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH);
- if (p != NULL && !ec_set_param_ecdh_cofactor_mode(ec, p))
- return 0;
+ if (p != NULL) {
+ int mode;
+ if (!OSSL_PARAM_get_int(p, &mode)
+ || !ec_set_ecdh_cofactor_mode(ec, mode))
+ return 0;
+ }
return 1;
}
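Review bot: The new block declares `int mode;` and goes straight into the `if` with no blank line after the declaration, unlike the declaration/statement separation in the lines removed by the earlier hunk of this file; add an empty line after `int mode;`. Both failure causes, a wrong parameter type from OSSL_PARAM_get_int and a rejected mode, return 0 with no error raised in the visible lines. If ec_set_ecdh_cofactor_mode does not raise one itself, callers cannot tell the two apart.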
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index e4327b3..355565d 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -1033,7 +1033,7 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name,
# endif
# ifndef OPENSSL_NO_DH
else if (strcmp(name, "dh_paramgen_generator") == 0)
- name = OSSL_PKEY_PARAM_FFC_GENERATOR;
+ name = OSSL_PKEY_PARAM_DH_GENERATOR;
else if (strcmp(name, "dh_paramgen_prime_len") == 0)
name = OSSL_PKEY_PARAM_FFC_PBITS;
else if (strcmp(name, "dh_paramgen_subprime_len") == 0)
@@ -1042,9 +1042,9 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name,
name = OSSL_PKEY_PARAM_FFC_TYPE;
value = dh_gen_type_id2name(atoi(value));
} else if (strcmp(name, "dh_param") == 0)
- name = OSSL_PKEY_PARAM_FFC_GROUP;
+ name = OSSL_PKEY_PARAM_DH_GROUP;
else if (strcmp(name, "dh_rfc5114") == 0) {
- name = OSSL_PKEY_PARAM_FFC_GROUP;
+ name = OSSL_PKEY_PARAM_DH_GROUP;
value = ffc_named_group_from_uid(atoi(value));
} else if (strcmp(name, "dh_pad") == 0)
name = OSSL_EXCHANGE_PARAM_PAD;
diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c
index 1cfa427..c34e79b 100644
--- a/crypto/ffc/ffc_backend.c
+++ b/crypto/ffc/ffc_backend.c
@@ -27,7 +27,7 @@ int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[])
if (ffc == NULL)
return 0;
- prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GROUP);
+ prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_GROUP);
if (prm != NULL) {
if (prm->data_type != OSSL_PARAM_UTF8_STRING)
goto err;
diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c
index efd7dc8..a95a2fa 100644
--- a/crypto/ffc/ffc_params.c
+++ b/crypto/ffc/ffc_params.c
@@ -220,7 +220,7 @@ int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld,
if (name == NULL
|| !ossl_param_build_set_utf8_string(bld, params,
- OSSL_PKEY_PARAM_FFC_GROUP,
+ OSSL_PKEY_PARAM_DH_GROUP,
name))
return 0;
#else
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index 0c21660..f8aa572 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -841,8 +841,13 @@ int ossl_provider_test_operation_bit(OSSL_PROVIDER *provider, size_t bitnum,
* never knows.
*/
static const OSSL_PARAM param_types[] = {
- OSSL_PARAM_DEFN("openssl-version", OSSL_PARAM_UTF8_PTR, NULL, 0),
- OSSL_PARAM_DEFN("provider-name", OSSL_PARAM_UTF8_PTR, NULL, 0),
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_CORE_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_CORE_PROV_NAME, OSSL_PARAM_UTF8_PTR,
+ NULL, 0),
+#ifndef FIPS_MODULE
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_CORE_MODULE_FILENAME, OSSL_PARAM_UTF8_PTR,
+ NULL, 0),
+#endif
OSSL_PARAM_END
};
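Review bot: `param_types[]` and the lookups in core_get_params() are two hand-maintained lists, and the removed lines show they had drifted: the getter already answered the module filename while this table did not advertise it. A comment on the table such as `/* Keep in sync with core_get_params() */` would make the coupling explicit, including the matching `#ifndef FIPS_MODULE` guard. The comment block above the array starts outside the hunk, so it may already say something similar.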
@@ -879,13 +884,14 @@ static int core_get_params(const OSSL_CORE_HANDLE *handle, OSSL_PARAM params[])
*/
OSSL_PROVIDER *prov = (OSSL_PROVIDER *)handle;
- if ((p = OSSL_PARAM_locate(params, "openssl-version")) != NULL)
+ if ((p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_CORE_VERSION)) != NULL)
OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR);
- if ((p = OSSL_PARAM_locate(params, "provider-name")) != NULL)
+ if ((p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_CORE_PROV_NAME)) != NULL)
OSSL_PARAM_set_utf8_ptr(p, prov->name);
#ifndef FIPS_MODULE
- if ((p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_MODULE_FILENAME)) != NULL)
+ if ((p = OSSL_PARAM_locate(params,
+ OSSL_PROV_PARAM_CORE_MODULE_FILENAME)) != NULL)
OSSL_PARAM_set_utf8_ptr(p, ossl_provider_module_path(prov));
#endif
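Review bot: The results of the three `OSSL_PARAM_set_utf8_ptr()` calls are discarded, so a caller that passes one of these keys with a data type other than OSSL_PARAM_UTF8_PTR would presumably get neither a value nor a failure indication. Consider propagating the result for each key, e.g. `if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, prov->name)) return 0;`. It is also worth confirming that `ossl_provider_module_path(prov)` cannot return NULL for a provider without a module file, since that value is handed straight to the setter. The function's return statement lies outside the hunk.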