The branch master has been updated
via a2e145f8dbf064b56f793fc77b3ccd79f7c67689 (commit)
via c2403f362efc519e473269d183adc7cceddb8c54 (commit)
via 565b33990cc03d757f493616c040addbedfc80f8 (commit)
via c829c23b67308ad8e8ab677c78db1d5151106c3c (commit)
via d33ab074ef9847b67d96961f85f4ad614395d2c2 (commit)
from 0cc0164d193f6071a9d06b2116a410f8139a7e3c (commit)
- Log -----------------------------------------------------------------
commit a2e145f8dbf064b56f793fc77b3ccd79f7c67689
Author: Richard Levitte <levi...@openssl.org>
Date: Wed Dec 2 18:30:55 2020 +0100
Add necessary checks of OPENSSL_NO_DH, OPENSSL_NO_DSA and OPENSSL_NO_EC
When OpenSSL is configured with 'no-dh', 'no-dsa' and 'no-ec'
combined, some static functions have no use, which the compiler may
complain about. We therefore add extra guards to silence it.
Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)
commit c2403f362efc519e473269d183adc7cceddb8c54
Author: Richard Levitte <levi...@openssl.org>
Date: Wed Dec 2 18:27:03 2020 +0100
Drop unnecessary checks of OPENSSL_NO_DH, OPENSSL_NO_DSA and OPENSSL_NO_EC
The apps, the CMS library and the X.509 library are primarly affected.
Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)
commit 565b33990cc03d757f493616c040addbedfc80f8
Author: Richard Levitte <levi...@openssl.org>
Date: Tue Dec 1 19:21:04 2020 +0100
EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more
available
EVP_PKEY_CTX_set_ec_ functions were only available when EC was enabled
('no-ec' not configured). However, that makes it impossible to use
these functions with an engine or a provider that happens to implement
EC_KEY. This change solves that problem by shuffling these functions
to more appropriate places.
Partially fixes #13550
squash! EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters
more available
By consequence, there are a number of places where we can remove the
check of OPENSSL_NO_EC. This requires some re-arrangements of
internal tables to translate between numeric identities and names.
Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)
commit c829c23b67308ad8e8ab677c78db1d5151106c3c
Author: Richard Levitte <levi...@openssl.org>
Date: Tue Dec 1 19:11:59 2020 +0100
EVP_PKEY & DH: Make DH EVP_PKEY_CTX parameter ctrls / setters more available
EVP_PKEY_CTX_set_dh_ functions were only available when DH was enabled
('no-dsa' not configured). However, that makes it impossible to use
these functions with an engine or a provider that happens to implement
DH. This change solves that problem by shuffling these functions to
more appropriate places.
By consequence, there are a number of places where we can remove the
check of OPENSSL_NO_DH. This requires some re-arrangements of
internal tables to translate between numeric identities and names.
Partially fixes #13550
Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)
commit d33ab074ef9847b67d96961f85f4ad614395d2c2
Author: Richard Levitte <levi...@openssl.org>
Date: Tue Dec 1 19:09:39 2020 +0100
EVP_PKEY & DSA: move dsa_ctrl.c to be included only on libcrypto
These functions aren't used by the FIPS module, so there's no reason
to include it there.
Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)
-----------------------------------------------------------------------
Summary of changes:
apps/s_server.c | 7 +-
crypto/cms/build.info | 9 +-
crypto/cms/cms_dh.c | 4 +-
crypto/cms/cms_ec.c | 2 -
crypto/cms/cms_env.c | 10 +-
crypto/cms/cms_sd.c | 5 +-
crypto/dh/build.info | 2 +-
crypto/dh/dh_group_params.c | 162 ++----------
crypto/ec/build.info | 2 +-
crypto/ec/ec_curve.c | 285 ++++++++-------------
crypto/evp/build.info | 10 +-
crypto/{dh => evp}/dh_ctrl.c | 46 ++--
crypto/evp/dh_support.c | 48 ++++
crypto/evp/digest.c | 6 +-
crypto/{ec => evp}/ec_ctrl.c | 8 +-
crypto/evp/ec_support.c | 195 ++++++++++++++
crypto/evp/evp_lib.c | 4 -
crypto/evp/p_lib.c | 9 +-
crypto/evp/pmeth_lib.c | 41 +--
crypto/ffc/build.info | 5 +-
crypto/ffc/ffc_backend.c | 10 +-
crypto/ffc/ffc_dh.c | 154 +++++++++++
crypto/ffc/ffc_params.c | 8 +-
crypto/x509/x509_req.c | 13 -
include/crypto/dh.h | 1 +
include/crypto/ec.h | 11 +-
include/internal/ffc.h | 20 +-
include/openssl/dh.h | 118 ++++-----
include/openssl/ec.h | 98 +++----
.../implementations/encode_decode/encode_key2any.c | 7 +-
.../encode_decode/encode_key2text.c | 3 +-
providers/implementations/keymgmt/dh_kmgmt.c | 46 +---
test/endecode_test.c | 12 +-
test/evp_pkey_dparams_test.c | 32 ++-
34 files changed, 763 insertions(+), 630 deletions(-)
rename crypto/{dh => evp}/dh_ctrl.c (94%)
create mode 100644 crypto/evp/dh_support.c
rename crypto/{ec => evp}/ec_ctrl.c (99%)
create mode 100644 crypto/evp/ec_support.c
create mode 100644 crypto/ffc/ffc_dh.c
diff --git a/apps/s_server.c b/apps/s_server.c
index 55a300beac..94417a206b 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1252,9 +1252,7 @@ int s_server_main(int argc, char *argv[])
s_chain_file = opt_arg();
break;
case OPT_DHPARAM:
-#ifndef OPENSSL_NO_DH
dhfile = opt_arg();
-#endif
break;
case OPT_DCERTFORM:
if (!opt_format(opt_arg(), OPT_FMT_ANY, &s_dcert_format))
@@ -1826,10 +1824,7 @@ int s_server_main(int argc, char *argv[])
bio_s_out = dup_bio_out(FORMAT_TEXT);
}
}
-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) ||
!defined(OPENSSL_NO_EC)
- if (nocert)
-#endif
- {
+ if (nocert) {
s_cert_file = NULL;
s_key_file = NULL;
s_dcert_file = NULL;
diff --git a/crypto/cms/build.info b/crypto/cms/build.info
index c7579f78c1..5fabea7c53 100644
--- a/crypto/cms/build.info
+++ b/crypto/cms/build.info
@@ -2,11 +2,4 @@ LIBS=../../libcrypto
SOURCE[../../libcrypto]= \
cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c \
- cms_pwri.c cms_kari.c cms_rsa.c
-
-IF[{- !$disabled{dh} -}]
- SOURCE[../../libcrypto]=cms_dh.c
-ENDIF
-IF[{- !$disabled{ec} || !$disabled{dsa}-}]
- SOURCE[../../libcrypto]=cms_ec.c
-ENDIF
+ cms_pwri.c cms_kari.c cms_rsa.c cms_dh.c cms_ec.c
diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c
index 90b439dd35..9cba6364d1 100644
--- a/crypto/cms/cms_dh.c
+++ b/crypto/cms/cms_dh.c
@@ -148,13 +148,13 @@ static int dh_cms_decrypt(CMS_RecipientInfo *ri)
if (alg == NULL || pubkey == NULL)
return 0;
if (!dh_cms_set_peerkey(pctx, alg, pubkey)) {
- ERR_raise(ERR_LIB_DH, DH_R_PEER_KEY_ERROR);
+ ERR_raise(ERR_LIB_CMS, CMS_R_PEER_KEY_ERROR);
return 0;
}
}
/* Set DH derivation parameters and initialise unwrap context */
if (!dh_cms_set_shared_info(pctx, ri)) {
- ERR_raise(ERR_LIB_DH, DH_R_SHARED_INFO_ERROR);
+ ERR_raise(ERR_LIB_CMS, CMS_R_SHARED_INFO_ERROR);
return 0;
}
return 1;
diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c
index 8cb41dfdef..8ae912c9c3 100644
--- a/crypto/cms/cms_ec.c
+++ b/crypto/cms/cms_ec.c
@@ -14,7 +14,6 @@
#include "cms_local.h"
#include "crypto/evp.h"
-#ifndef OPENSSL_NO_EC
static EVP_PKEY *pkey_type2param(int ptype, const void *pval,
OSSL_LIB_CTX *libctx, const char *propq)
{
@@ -384,7 +383,6 @@ int cms_ecdh_envelope(CMS_RecipientInfo *ri, int decrypt)
ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
return 0;
}
-#endif
/* ECDSA and DSA implementation is the same */
int cms_ecdsa_dsa_sign(CMS_SignerInfo *si, int verify)
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index cedabe1f3c..15ebe1b86b 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -115,17 +115,11 @@ int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
} else
return 0;
-#ifndef OPENSSL_NO_DH
if (EVP_PKEY_is_a(pkey, "DHX"))
return cms_dh_envelope(ri, cmd);
- else
-#endif
-#ifndef OPENSSL_NO_EC
- if (EVP_PKEY_is_a(pkey, "EC"))
+ else if (EVP_PKEY_is_a(pkey, "EC"))
return cms_ecdh_envelope(ri, cmd);
- else
-#endif
- if (EVP_PKEY_is_a(pkey, "RSA"))
+ else if (EVP_PKEY_is_a(pkey, "RSA"))
return cms_rsa_envelope(ri, cmd);
/* Something else? We'll give engines etc a chance to handle this */
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 1020227c54..96b92bdc63 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -232,12 +232,9 @@ static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
EVP_PKEY *pkey = si->pkey;
int i;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
if (EVP_PKEY_is_a(pkey, "DSA") || EVP_PKEY_is_a(pkey, "EC"))
return cms_ecdsa_dsa_sign(si, cmd);
- else
-#endif
- if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS"))
+ else if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS"))
return cms_rsa_sign(si, cmd);
/* Something else? We'll give engines etc a chance to handle this */
diff --git a/crypto/dh/build.info b/crypto/dh/build.info
index 887ef78b0b..b413567271 100644
--- a/crypto/dh/build.info
+++ b/crypto/dh/build.info
@@ -5,7 +5,7 @@ $COMMON=dh_lib.c dh_key.c dh_group_params.c dh_check.c
dh_backend.c dh_gen.c \
SOURCE[../../libcrypto]=$COMMON\
dh_asn1.c dh_err.c \
- dh_ameth.c dh_pmeth.c dh_prn.c dh_rfc5114.c dh_meth.c dh_ctrl.c
+ dh_ameth.c dh_pmeth.c dh_prn.c dh_rfc5114.c dh_meth.c
IF[{- !$disabled{'deprecated-0.9.8'} -}]
SOURCE[../../libcrypto]=dh_depr.c
ENDIF
diff --git a/crypto/dh/dh_group_params.c b/crypto/dh/dh_group_params.c
index e03693f687..a752cf9a98 100644
--- a/crypto/dh/dh_group_params.c
+++ b/crypto/dh/dh_group_params.c
@@ -21,160 +21,43 @@
#include "dh_local.h"
#include <openssl/bn.h>
#include <openssl/objects.h>
-#include "crypto/bn_dh.h"
+#include "internal/nelem.h"
#include "crypto/dh.h"
#include "e_os.h" /* strcasecmp */
-#define FFDHE(sz) {
\
- SN_ffdhe##sz, NID_ffdhe##sz,
\
- sz,
\
- &_bignum_ffdhe##sz##_p, &_bignum_ffdhe##sz##_q, &_bignum_const_2
\
-}
-
-#define MODP(sz) {
\
- SN_modp_##sz, NID_modp_##sz,
\
- sz,
\
- &_bignum_modp_##sz##_p, &_bignum_modp_##sz##_q, &_bignum_const_2
\
-}
-
-#define RFC5114(name, uid, sz, tag) {
\
- name, uid,
\
- sz,
\
- &_bignum_dh##tag##_p, &_bignum_dh##tag##_q, &_bignum_dh##tag##_g
\
-}
-
-typedef struct dh_named_group_st {
- const char *name;
- int uid;
- int32_t nbits;
- const BIGNUM *p;
- const BIGNUM *q;
- const BIGNUM *g;
-} DH_NAMED_GROUP;
-
-
-static const DH_NAMED_GROUP dh_named_groups[] = {
- FFDHE(2048),
- FFDHE(3072),
- FFDHE(4096),
- FFDHE(6144),
- FFDHE(8192),
-#ifndef FIPS_MODULE
- MODP(1536),
-#endif
- MODP(2048),
- MODP(3072),
- MODP(4096),
- MODP(6144),
- MODP(8192),
- /*
- * Additional dh named groups from RFC 5114 that have a different g.
- * The uid can be any unique identifier.
- */
-#ifndef FIPS_MODULE
- RFC5114("dh_1024_160", 1, 1024, 1024_160),
- RFC5114("dh_2048_224", 2, 2048, 2048_224),
- RFC5114("dh_2048_256", 3, 2048, 2048_256),
-#endif
-};
-
-int ossl_ffc_named_group_to_uid(const char *name)
-{
- size_t i;
-
- for (i = 0; i < OSSL_NELEM(dh_named_groups); ++i) {
- if (strcasecmp(dh_named_groups[i].name, name) == 0)
- return dh_named_groups[i].uid;
- }
- return NID_undef;
-}
-
-const char *ossl_ffc_named_group_from_uid(int uid)
-{
- size_t i;
-
- for (i = 0; i < OSSL_NELEM(dh_named_groups); ++i) {
- if (dh_named_groups[i].uid == uid)
- return dh_named_groups[i].name;
- }
- return NULL;
-}
-
-static DH *dh_param_init(OSSL_LIB_CTX *libctx, int uid, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *g)
+static DH *dh_param_init(OSSL_LIB_CTX *libctx, const DH_NAMED_GROUP *group)
{
DH *dh = dh_new_ex(libctx);
if (dh == NULL)
return NULL;
- dh->params.nid = uid;
- dh->params.p = (BIGNUM *)p;
- dh->params.q = (BIGNUM *)q;
- dh->params.g = (BIGNUM *)g;
- dh->length = BN_num_bits(q);
+ ossl_ffc_named_group_set_pqg(&dh->params, group);
+ dh->params.nid = ossl_ffc_named_group_get_uid(group);
+ dh->length = BN_num_bits(dh->params.q);
dh->dirty_cnt++;
return dh;
}
-static DH *dh_new_by_group_name(OSSL_LIB_CTX *libctx, const char *name)
+DH *dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid)
{
- int i;
+ const DH_NAMED_GROUP *group;
- if (name == NULL)
- return NULL;
+ if ((group = ossl_ffc_uid_to_dh_named_group(nid)) != NULL)
+ return dh_param_init(libctx, group);
- for (i = 0; i < (int)OSSL_NELEM(dh_named_groups); ++i) {
- if (strcasecmp(dh_named_groups[i].name, name) == 0) {
- return dh_param_init(libctx, dh_named_groups[i].uid,
- dh_named_groups[i].p,
- dh_named_groups[i].q,
- dh_named_groups[i].g);
- }
- }
ERR_raise(ERR_LIB_DH, DH_R_INVALID_PARAMETER_NID);
return NULL;
}
-DH *dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid)
-{
- const char *name = ossl_ffc_named_group_from_uid(nid);
-
- return dh_new_by_group_name(libctx, name);
-}
-
DH *DH_new_by_nid(int nid)
{
return dh_new_by_nid_ex(NULL, nid);
}
-int ossl_ffc_set_group_pqg(FFC_PARAMS *ffc, const char *group_name)
-{
- int i;
- BIGNUM *q = NULL;
-
- if (ffc == NULL)
- return 0;
-
- for (i = 0; i < (int)OSSL_NELEM(dh_named_groups); ++i) {
- if (strcasecmp(dh_named_groups[i].name, group_name) == 0) {
- ossl_ffc_params_set0_pqg(ffc,
- (BIGNUM *)dh_named_groups[i].p,
- (BIGNUM *)dh_named_groups[i].q,
- (BIGNUM *)dh_named_groups[i].g);
- /* flush the cached nid, The DH layer is responsible for caching */
- ffc->nid = NID_undef;
- return 1;
- }
- }
- /* gets here on error or if the name was not found */
- BN_free(q);
- return 0;
-}
-
void dh_cache_named_group(DH *dh)
{
- int i;
+ const DH_NAMED_GROUP *group;
if (dh == NULL)
return;
@@ -186,22 +69,15 @@ void dh_cache_named_group(DH *dh)
|| dh->params.g == NULL)
return;
- for (i = 0; i < (int)OSSL_NELEM(dh_named_groups); ++i) {
- /* Keep searching until a matching p and g is found */
- if (BN_cmp(dh->params.p, dh_named_groups[i].p) == 0
- && BN_cmp(dh->params.g, dh_named_groups[i].g) == 0) {
- /* Verify q is correct if it exists */
- if (dh->params.q != NULL) {
- if (BN_cmp(dh->params.q, dh_named_groups[i].q) != 0)
- continue; /* ignore if q does not match */
- } else {
- dh->params.q = (BIGNUM *)dh_named_groups[i].q;
- }
- dh->params.nid = dh_named_groups[i].uid; /* cache the nid */
- dh->length = BN_num_bits(dh->params.q);
- dh->dirty_cnt++;
- break;
- }
+ if ((group = ossl_ffc_numbers_to_dh_named_group(dh->params.p,
+ dh->params.q,
+ dh->params.g)) != NULL) {
+ if (dh->params.q == NULL)
+ dh->params.q = (BIGNUM *)ossl_ffc_named_group_get_q(group);
+ /* cache the nid */
+ dh->params.nid = ossl_ffc_named_group_get_uid(group);
+ dh->length = BN_num_bits(dh->params.q);
+ dh->dirty_cnt++;
}
}
diff --git a/crypto/ec/build.info b/crypto/ec/build.info
index 63512565ba..fff3ab1e1c 100644
--- a/crypto/ec/build.info
+++ b/crypto/ec/build.info
@@ -57,7 +57,7 @@ IF[{- !$disabled{'ec_nistp_64_gcc_128'} -}]
ENDIF
SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c ecx_key.c \
- ec_err.c eck_prn.c ec_ctrl.c
+ ec_err.c eck_prn.c
SOURCE[../../providers/libfips.a]=$COMMON
# Implementations are now spread across several libraries, so the defines
diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
index 051d3fe181..2fedaf0490 100644
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@@ -21,7 +21,6 @@
#include <openssl/objects.h>
#include <openssl/opensslconf.h>
#include "internal/nelem.h"
-#include "e_os.h" /* strcasecmp required by windows */
typedef struct {
int field_type, /* either NID_X9_62_prime_field or
@@ -2818,7 +2817,6 @@ static const struct {
#endif /* OPENSSL_NO_SM2 */
typedef struct _ec_list_element_st {
- const char *name;
int nid;
const EC_CURVE_DATA *data;
const EC_METHOD *(*meth) (void);
@@ -2829,7 +2827,7 @@ typedef struct _ec_list_element_st {
static const ec_list_element curve_list[] = {
/* prime field curves */
/* secg curves */
- {"secp224r1", NID_secp224r1, &_EC_NIST_PRIME_224.h,
+ {NID_secp224r1, &_EC_NIST_PRIME_224.h,
# if !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
EC_GFp_nistp224_method,
# else
@@ -2837,7 +2835,7 @@ static const ec_list_element curve_list[] = {
# endif
"NIST/SECG curve over a 224 bit prime field"},
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
- {"secp384r1", NID_secp384r1, &_EC_NIST_PRIME_384.h,
+ {NID_secp384r1, &_EC_NIST_PRIME_384.h,
# if defined(S390X_EC_ASM)
EC_GFp_s390x_nistp384_method,
# else
@@ -2845,7 +2843,7 @@ static const ec_list_element curve_list[] = {
# endif
"NIST/SECG curve over a 384 bit prime field"},
- {"secp521r1", NID_secp521r1, &_EC_NIST_PRIME_521.h,
+ {NID_secp521r1, &_EC_NIST_PRIME_521.h,
# if defined(S390X_EC_ASM)
EC_GFp_s390x_nistp521_method,
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
@@ -2856,9 +2854,9 @@ static const ec_list_element curve_list[] = {
"NIST/SECG curve over a 521 bit prime field"},
/* X9.62 curves */
- {"prime192v1", NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0,
+ {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0,
"NIST/X9.62/SECG curve over a 192 bit prime field"},
- {"prime256v1", NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
+ {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
# if defined(ECP_NISTZ256_ASM)
EC_GFp_nistz256_method,
# elif defined(S390X_EC_ASM)
@@ -2873,25 +2871,25 @@ static const ec_list_element curve_list[] = {
# ifndef OPENSSL_NO_EC2M
/* characteristic two field curves */
/* NIST/SECG curves */
- {"sect163k1", NID_sect163k1, &_EC_NIST_CHAR2_163K.h, 0,
+ {NID_sect163k1, &_EC_NIST_CHAR2_163K.h, 0,
"NIST/SECG/WTLS curve over a 163 bit binary field"},
- {"sect163r2", NID_sect163r2, &_EC_NIST_CHAR2_163B.h, 0,
+ {NID_sect163r2, &_EC_NIST_CHAR2_163B.h, 0,
"NIST/SECG curve over a 163 bit binary field"},
- {"sect233k1", NID_sect233k1, &_EC_NIST_CHAR2_233K.h, 0,
+ {NID_sect233k1, &_EC_NIST_CHAR2_233K.h, 0,
"NIST/SECG/WTLS curve over a 233 bit binary field"},
- {"sect233r1", NID_sect233r1, &_EC_NIST_CHAR2_233B.h, 0,
+ {NID_sect233r1, &_EC_NIST_CHAR2_233B.h, 0,
"NIST/SECG/WTLS curve over a 233 bit binary field"},
- {"sect283k1", NID_sect283k1, &_EC_NIST_CHAR2_283K.h, 0,
+ {NID_sect283k1, &_EC_NIST_CHAR2_283K.h, 0,
"NIST/SECG curve over a 283 bit binary field"},
- {"sect283r1", NID_sect283r1, &_EC_NIST_CHAR2_283B.h, 0,
+ {NID_sect283r1, &_EC_NIST_CHAR2_283B.h, 0,
"NIST/SECG curve over a 283 bit binary field"},
- {"sect409k1", NID_sect409k1, &_EC_NIST_CHAR2_409K.h, 0,
+ {NID_sect409k1, &_EC_NIST_CHAR2_409K.h, 0,
"NIST/SECG curve over a 409 bit binary field"},
- {"sect409r1", NID_sect409r1, &_EC_NIST_CHAR2_409B.h, 0,
+ {NID_sect409r1, &_EC_NIST_CHAR2_409B.h, 0,
"NIST/SECG curve over a 409 bit binary field"},
- {"sect571k1", NID_sect571k1, &_EC_NIST_CHAR2_571K.h, 0,
+ {NID_sect571k1, &_EC_NIST_CHAR2_571K.h, 0,
"NIST/SECG curve over a 571 bit binary field"},
- {"sect571r1", NID_sect571r1, &_EC_NIST_CHAR2_571B.h, 0,
+ {NID_sect571r1, &_EC_NIST_CHAR2_571B.h, 0,
"NIST/SECG curve over a 571 bit binary field"},
# endif
};
@@ -2901,43 +2899,43 @@ static const ec_list_element curve_list[] = {
static const ec_list_element curve_list[] = {
/* prime field curves */
/* secg curves */
- {"secp112r1", NID_secp112r1, &_EC_SECG_PRIME_112R1.h, 0,
+ {NID_secp112r1, &_EC_SECG_PRIME_112R1.h, 0,
"SECG/WTLS curve over a 112 bit prime field"},
- {"secp112r2", NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0,
+ {NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0,
"SECG curve over a 112 bit prime field"},
- {"secp128r1", NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0,
+ {NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0,
"SECG curve over a 128 bit prime field"},
- {"secp128r2", NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0,
+ {NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0,
"SECG curve over a 128 bit prime field"},
- {"secp160k1", NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0,
+ {NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0,
"SECG curve over a 160 bit prime field"},
- {"secp160r1", NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0,
+ {NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0,
"SECG curve over a 160 bit prime field"},
- {"secp160r2", NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0,
+ {NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0,
"SECG/WTLS curve over a 160 bit prime field"},
/* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */
- {"secp192k1", NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0,
+ {NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0,
"SECG curve over a 192 bit prime field"},
- {"secp224k1", NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0,
+ {NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0,
"SECG curve over a 224 bit prime field"},
# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
- {"secp224r1", NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
+ {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
"NIST/SECG curve over a 224 bit prime field"},
# else
- {"secp224r1", NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
+ {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
"NIST/SECG curve over a 224 bit prime field"},
# endif
- {"secp256k1", NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
+ {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
"SECG curve over a 256 bit prime field"},
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
- {"secp384r1", NID_secp384r1, &_EC_NIST_PRIME_384.h,
+ {NID_secp384r1, &_EC_NIST_PRIME_384.h,
# if defined(S390X_EC_ASM)
EC_GFp_s390x_nistp384_method,
# else
0,
# endif
"NIST/SECG curve over a 384 bit prime field"},
- {"secp521r1", NID_secp521r1, &_EC_NIST_PRIME_521.h,
+ {NID_secp521r1, &_EC_NIST_PRIME_521.h,
# if defined(S390X_EC_ASM)
EC_GFp_s390x_nistp521_method,
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
@@ -2947,19 +2945,19 @@ static const ec_list_element curve_list[] = {
# endif
"NIST/SECG curve over a 521 bit prime field"},
/* X9.62 curves */
- {"prime192v1", NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0,
+ {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0,
"NIST/X9.62/SECG curve over a 192 bit prime field"},
- {"prime192v2", NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0,
+ {NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0,
"X9.62 curve over a 192 bit prime field"},
- {"prime192v3", NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0,
+ {NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0,
"X9.62 curve over a 192 bit prime field"},
- {"prime239v1", NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0,
+ {NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0,
"X9.62 curve over a 239 bit prime field"},
- {"prime239v2", NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0,
+ {NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0,
"X9.62 curve over a 239 bit prime field"},
- {"prime239v3", NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0,
+ {NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0,
"X9.62 curve over a 239 bit prime field"},
- {"prime256v1", NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
+ {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
# if defined(ECP_NISTZ256_ASM)
EC_GFp_nistz256_method,
# elif defined(S390X_EC_ASM)
@@ -2973,144 +2971,144 @@ static const ec_list_element curve_list[] = {
# ifndef OPENSSL_NO_EC2M
/* characteristic two field curves */
/* NIST/SECG curves */
- {"sect113r1", NID_sect113r1, &_EC_SECG_CHAR2_113R1.h, 0,
+ {NID_sect113r1, &_EC_SECG_CHAR2_113R1.h, 0,
"SECG curve over a 113 bit binary field"},
- {"sect113r2", NID_sect113r2, &_EC_SECG_CHAR2_113R2.h, 0,
+ {NID_sect113r2, &_EC_SECG_CHAR2_113R2.h, 0,
"SECG curve over a 113 bit binary field"},
- { "sect131r1", NID_sect131r1, &_EC_SECG_CHAR2_131R1.h, 0,
+ {NID_sect131r1, &_EC_SECG_CHAR2_131R1.h, 0,
"SECG/WTLS curve over a 131 bit binary field"},
- { "sect131r2", NID_sect131r2, &_EC_SECG_CHAR2_131R2.h, 0,
+ {NID_sect131r2, &_EC_SECG_CHAR2_131R2.h, 0,
"SECG curve over a 131 bit binary field"},
- {"sect163k1", NID_sect163k1, &_EC_NIST_CHAR2_163K.h, 0,
+ {NID_sect163k1, &_EC_NIST_CHAR2_163K.h, 0,
"NIST/SECG/WTLS curve over a 163 bit binary field"},
- {"sect163r1", NID_sect163r1, &_EC_SECG_CHAR2_163R1.h, 0,
+ {NID_sect163r1, &_EC_SECG_CHAR2_163R1.h, 0,
"SECG curve over a 163 bit binary field"},
- {"sect163r2", NID_sect163r2, &_EC_NIST_CHAR2_163B.h, 0,
+ {NID_sect163r2, &_EC_NIST_CHAR2_163B.h, 0,
"NIST/SECG curve over a 163 bit binary field"},
- {"sect193r1", NID_sect193r1, &_EC_SECG_CHAR2_193R1.h, 0,
+ {NID_sect193r1, &_EC_SECG_CHAR2_193R1.h, 0,
"SECG curve over a 193 bit binary field"},
- {"sect193r2", NID_sect193r2, &_EC_SECG_CHAR2_193R2.h, 0,
+ {NID_sect193r2, &_EC_SECG_CHAR2_193R2.h, 0,
"SECG curve over a 193 bit binary field"},
- {"sect233k1", NID_sect233k1, &_EC_NIST_CHAR2_233K.h, 0,
+ {NID_sect233k1, &_EC_NIST_CHAR2_233K.h, 0,
"NIST/SECG/WTLS curve over a 233 bit binary field"},
- {"sect233r1", NID_sect233r1, &_EC_NIST_CHAR2_233B.h, 0,
+ {NID_sect233r1, &_EC_NIST_CHAR2_233B.h, 0,
"NIST/SECG/WTLS curve over a 233 bit binary field"},
- {"sect239k1", NID_sect239k1, &_EC_SECG_CHAR2_239K1.h, 0,
+ {NID_sect239k1, &_EC_SECG_CHAR2_239K1.h, 0,
"SECG curve over a 239 bit binary field"},
- {"sect283k1", NID_sect283k1, &_EC_NIST_CHAR2_283K.h, 0,
+ {NID_sect283k1, &_EC_NIST_CHAR2_283K.h, 0,
"NIST/SECG curve over a 283 bit binary field"},
- {"sect283r1", NID_sect283r1, &_EC_NIST_CHAR2_283B.h, 0,
+ {NID_sect283r1, &_EC_NIST_CHAR2_283B.h, 0,
"NIST/SECG curve over a 283 bit binary field"},
- {"sect409k1", NID_sect409k1, &_EC_NIST_CHAR2_409K.h, 0,
+ {NID_sect409k1, &_EC_NIST_CHAR2_409K.h, 0,
"NIST/SECG curve over a 409 bit binary field"},
- {"sect409r1", NID_sect409r1, &_EC_NIST_CHAR2_409B.h, 0,
+ {NID_sect409r1, &_EC_NIST_CHAR2_409B.h, 0,
"NIST/SECG curve over a 409 bit binary field"},
- {"sect571k1", NID_sect571k1, &_EC_NIST_CHAR2_571K.h, 0,
+ {NID_sect571k1, &_EC_NIST_CHAR2_571K.h, 0,
"NIST/SECG curve over a 571 bit binary field"},
- {"sect571r1", NID_sect571r1, &_EC_NIST_CHAR2_571B.h, 0,
+ {NID_sect571r1, &_EC_NIST_CHAR2_571B.h, 0,
"NIST/SECG curve over a 571 bit binary field"},
/* X9.62 curves */
- {"c2pnb163v1", NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1.h, 0,
+ {NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1.h, 0,
"X9.62 curve over a 163 bit binary field"},
- {"c2pnb163v2", NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2.h, 0,
+ {NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2.h, 0,
"X9.62 curve over a 163 bit binary field"},
- {"c2pnb163v3", NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3.h, 0,
+ {NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3.h, 0,
"X9.62 curve over a 163 bit binary field"},
- {"c2pnb176v1", NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1.h, 0,
+ {NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1.h, 0,
"X9.62 curve over a 176 bit binary field"},
- {"c2tnb191v1", NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1.h, 0,
+ {NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1.h, 0,
"X9.62 curve over a 191 bit binary field"},
- {"c2tnb191v2", NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2.h, 0,
+ {NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2.h, 0,
"X9.62 curve over a 191 bit binary field"},
- {"c2tnb191v3", NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3.h, 0,
+ {NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3.h, 0,
"X9.62 curve over a 191 bit binary field"},
- {"c2pnb208w1", NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1.h, 0,
+ {NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1.h, 0,
"X9.62 curve over a 208 bit binary field"},
- {"c2tnb239v1", NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1.h, 0,
+ {NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1.h, 0,
"X9.62 curve over a 239 bit binary field"},
- {"c2tnb239v2", NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2.h, 0,
+ {NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2.h, 0,
"X9.62 curve over a 239 bit binary field"},
- {"c2tnb239v3", NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3.h, 0,
+ {NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3.h, 0,
"X9.62 curve over a 239 bit binary field"},
- {"c2pnb272w1", NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1.h, 0,
+ {NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1.h, 0,
"X9.62 curve over a 272 bit binary field"},
- {"c2pnb304w1", NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1.h, 0,
+ {NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1.h, 0,
"X9.62 curve over a 304 bit binary field"},
- {"c2tnb359v1", NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1.h, 0,
+ {NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1.h, 0,
"X9.62 curve over a 359 bit binary field"},
- {"c2pnb368w1", NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1.h, 0,
+ {NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1.h, 0,
"X9.62 curve over a 368 bit binary field"},
- {"c2tnb431r1", NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, 0,
+ {NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, 0,
"X9.62 curve over a 431 bit binary field"},
/*
* the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves
* from X9.62]
*/
- {"wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, 0,
+ {NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, 0,
"WTLS curve over a 113 bit binary field"},
- {"wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3,
&_EC_NIST_CHAR2_163K.h, 0,
+ {NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K.h, 0,
"NIST/SECG/WTLS curve over a 163 bit binary field"},
- {"wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4,
&_EC_SECG_CHAR2_113R1.h, 0,
+ {NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1.h, 0,
"SECG curve over a 113 bit binary field"},
- {"wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5,
&_EC_X9_62_CHAR2_163V1.h, 0,
+ {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0,
"X9.62 curve over a 163 bit binary field"},
# endif
- {"wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6,
&_EC_SECG_PRIME_112R1.h, 0,
+ {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0,
"SECG/WTLS curve over a 112 bit prime field"},
- {"wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7,
&_EC_SECG_PRIME_160R2.h, 0,
+ {NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0,
"SECG/WTLS curve over a 160 bit prime field"},
- {"wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0,
+ {NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0,
"WTLS curve over a 112 bit prime field"},
- {"wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0,
+ {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0,
"WTLS curve over a 160 bit prime field"},
# ifndef OPENSSL_NO_EC2M
- {"wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10,
&_EC_NIST_CHAR2_233K.h, 0,
+ {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0,
"NIST/SECG/WTLS curve over a 233 bit binary field"},
- {"wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11,
&_EC_NIST_CHAR2_233B.h, 0,
+ {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0,
"NIST/SECG/WTLS curve over a 233 bit binary field"},
# endif
- {"wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0,
+ {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0,
"WTLS curve over a 224 bit prime field"},
# ifndef OPENSSL_NO_EC2M
/* IPSec curves */
- {"Oakley-EC2N-3", NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0,
+ {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0,
"\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n"
"\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
- {"Oakley-EC2N-4", NID_ipsec4, &_EC_IPSEC_185_ID4.h, 0,
+ {NID_ipsec4, &_EC_IPSEC_185_ID4.h, 0,
"\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n"
"\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
# endif
/* brainpool curves */
- {"brainpoolP160r1", NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0,
+ {NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0,
"RFC 5639 curve over a 160 bit prime field"},
- {"brainpoolP160t1", NID_brainpoolP160t1, &_EC_brainpoolP160t1.h, 0,
+ {NID_brainpoolP160t1, &_EC_brainpoolP160t1.h, 0,
"RFC 5639 curve over a 160 bit prime field"},
- {"brainpoolP192r1", NID_brainpoolP192r1, &_EC_brainpoolP192r1.h, 0,
+ {NID_brainpoolP192r1, &_EC_brainpoolP192r1.h, 0,
"RFC 5639 curve over a 192 bit prime field"},
- {"brainpoolP192t1", NID_brainpoolP192t1, &_EC_brainpoolP192t1.h, 0,
+ {NID_brainpoolP192t1, &_EC_brainpoolP192t1.h, 0,
"RFC 5639 curve over a 192 bit prime field"},
- {"brainpoolP224r1", NID_brainpoolP224r1, &_EC_brainpoolP224r1.h, 0,
+ {NID_brainpoolP224r1, &_EC_brainpoolP224r1.h, 0,
"RFC 5639 curve over a 224 bit prime field"},
- {"brainpoolP224t1", NID_brainpoolP224t1, &_EC_brainpoolP224t1.h, 0,
+ {NID_brainpoolP224t1, &_EC_brainpoolP224t1.h, 0,
"RFC 5639 curve over a 224 bit prime field"},
- {"brainpoolP256r1", NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0,
+ {NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0,
"RFC 5639 curve over a 256 bit prime field"},
- {"brainpoolP256t1", NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0,
+ {NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0,
"RFC 5639 curve over a 256 bit prime field"},
- {"brainpoolP320r1", NID_brainpoolP320r1, &_EC_brainpoolP320r1.h, 0,
+ {NID_brainpoolP320r1, &_EC_brainpoolP320r1.h, 0,
"RFC 5639 curve over a 320 bit prime field"},
- {"brainpoolP320t1", NID_brainpoolP320t1, &_EC_brainpoolP320t1.h, 0,
+ {NID_brainpoolP320t1, &_EC_brainpoolP320t1.h, 0,
"RFC 5639 curve over a 320 bit prime field"},
- {"brainpoolP384r1", NID_brainpoolP384r1, &_EC_brainpoolP384r1.h, 0,
+ {NID_brainpoolP384r1, &_EC_brainpoolP384r1.h, 0,
"RFC 5639 curve over a 384 bit prime field"},
- {"brainpoolP384t1", NID_brainpoolP384t1, &_EC_brainpoolP384t1.h, 0,
+ {NID_brainpoolP384t1, &_EC_brainpoolP384t1.h, 0,
"RFC 5639 curve over a 384 bit prime field"},
- {"brainpoolP512r1", NID_brainpoolP512r1, &_EC_brainpoolP512r1.h, 0,
+ {NID_brainpoolP512r1, &_EC_brainpoolP512r1.h, 0,
"RFC 5639 curve over a 512 bit prime field"},
- {"brainpoolP512t1", NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0,
+ {NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0,
"RFC 5639 curve over a 512 bit prime field"},
# ifndef OPENSSL_NO_SM2
- {"SM2", NID_sm2, &_EC_sm2p256v1.h, 0,
+ {NID_sm2, &_EC_sm2p256v1.h, 0,
"SM2 curve over a 256 bit prime field"},
# endif
};
@@ -3132,54 +3130,6 @@ static const ec_list_element *ec_curve_nid2curve(int nid)
return NULL;
}
-static const ec_list_element *ec_curve_name2curve(const char *name)
-{
- size_t i;
-
- for (i = 0; i < curve_list_length; i++) {
- if (strcasecmp(curve_list[i].name, name) == 0)
- return &curve_list[i];
- }
- return NULL;
-}
-
-const char *ec_curve_nid2name(int nid)
-{
- /*
- * TODO(3.0) Figure out if we should try to find the nid with
- * EC_curve_nid2nist() first, i.e. make it a priority to return
- * NIST names if there is one for the NID. This is related to
- * the TODO comment in ec_curve_name2nid().
- */
- const ec_list_element *curve = ec_curve_nid2curve(nid);
-
- if (curve != NULL)
- return curve->name;
- return NULL;
-}
-
-int ec_curve_name2nid(const char *name)
-{
- const ec_list_element *curve = NULL;
- int nid;
-
- if ((nid = EC_curve_nist2nid(name)) != NID_undef)
- return nid;
-
-#ifndef FIPS_MODULE
- /*
- * TODO(3.0) Figure out if we can use other names than the NIST names
- * ("B-163", "K-163" & "P-192") in the FIPS module, or if other names
- * are allowed as well as long as they lead to the same curve data.
- * If only the NIST names are allowed in the FIPS module, we should
- * move '#endif' to just before 'return NID_undef'.
- */
-#endif
- if ((curve = ec_curve_name2curve(name)) != NULL)
- return curve->nid;
- return NID_undef;
-}
-
static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx,
const char *propq,
const ec_list_element curve)
@@ -3334,49 +3284,14 @@ size_t EC_get_builtin_curves(EC_builtin_curve *r,
size_t nitems)
return curve_list_length;
}
-/* Functions to translate between common NIST curve names and NIDs */
-
-typedef struct {
- const char *name; /* NIST Name of curve */
- int nid; /* Curve NID */
-} EC_NIST_NAME;
-
-static EC_NIST_NAME nist_curves[] = {
- {"B-163", NID_sect163r2},
- {"B-233", NID_sect233r1},
- {"B-283", NID_sect283r1},
- {"B-409", NID_sect409r1},
- {"B-571", NID_sect571r1},
- {"K-163", NID_sect163k1},
- {"K-233", NID_sect233k1},
- {"K-283", NID_sect283k1},
- {"K-409", NID_sect409k1},
- {"K-571", NID_sect571k1},
- {"P-192", NID_X9_62_prime192v1},
- {"P-224", NID_secp224r1},
- {"P-256", NID_X9_62_prime256v1},
- {"P-384", NID_secp384r1},
- {"P-521", NID_secp521r1}
-};
-
const char *EC_curve_nid2nist(int nid)
{
- size_t i;
- for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
- if (nist_curves[i].nid == nid)
- return nist_curves[i].name;
- }
- return NULL;
+ return ec_curve_nid2nist_int(nid);
}
int EC_curve_nist2nid(const char *name)
{
- size_t i;
- for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
- if (strcmp(nist_curves[i].name, name) == 0)
- return nist_curves[i].nid;
- }
- return NID_undef;
+ return ec_curve_nist2nid_int(name);
}
#define NUM_BN_FIELDS 6
diff --git a/crypto/evp/build.info b/crypto/evp/build.info
index 204c199bac..4b3057873f 100644
--- a/crypto/evp/build.info
+++ b/crypto/evp/build.info
@@ -2,11 +2,7 @@ LIBS=../../libcrypto
$COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c cmeth_lib.c evp_utils.c \
mac_lib.c mac_meth.c keymgmt_meth.c keymgmt_lib.c kdf_lib.c kdf_meth.c
\
m_sigver.c pmeth_lib.c signature.c p_lib.c pmeth_gn.c exchange.c \
- pmeth_check.c evp_rand.c asymcipher.c kem.c
-
-# Diverse type specific ctrl functions. They are kinda sorta legacy, kinda
-# sorta not.
-$COMMON=$COMMON dsa_ctrl.c
+ pmeth_check.c evp_rand.c asymcipher.c kem.c dh_support.c ec_support.c
SOURCE[../../libcrypto]=$COMMON\
encode.c evp_key.c evp_cnf.c \
@@ -21,6 +17,10 @@ SOURCE[../../libcrypto]=$COMMON\
e_chacha20_poly1305.c \
legacy_sha.c
+# Diverse type specific ctrl functions. They are kinda sorta legacy, kinda
+# sorta not.
+SOURCE[../../libcrypto]=dh_ctrl.c dsa_ctrl.c ec_ctrl.c
+
IF[{- !$disabled{'deprecated-3.0'} -}]
SOURCE[../../libcrypto]=p_enc.c p_dec.c
ENDIF
diff --git a/crypto/dh/dh_ctrl.c b/crypto/evp/dh_ctrl.c
similarity index 94%
rename from crypto/dh/dh_ctrl.c
rename to crypto/evp/dh_ctrl.c
index 291b0ad419..64492389b7 100644
--- a/crypto/dh/dh_ctrl.c
+++ b/crypto/evp/dh_ctrl.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -7,22 +7,14 @@
* https://www.openssl.org/source/license.html
*/
-/*
- * DH low level APIs are deprecated for public use, but still ok for
- * internal use.
- */
-#include "internal/deprecated.h"
-
#include <stdio.h>
-#include "crypto/evp.h"
-#include <openssl/bn.h>
-#include <openssl/engine.h>
-#include <openssl/obj_mac.h>
+#include <string.h>
#include <openssl/core_names.h>
-#include "internal/cryptlib.h"
-#include "internal/refcount.h"
+#include <openssl/params.h>
+#include <openssl/err.h>
+#include <openssl/dh.h>
#include "crypto/dh.h"
-#include "dh_local.h"
+#include "crypto/evp.h"
static int dh_paramgen_check(EVP_PKEY_CTX *ctx)
{
@@ -179,7 +171,7 @@ int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen)
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN,
EVP_PKEY_CTRL_DH_RFC5114, gen, NULL);
- name = ossl_ffc_named_group_from_uid(gen);
+ name = ossl_ffc_named_group_get_name(ossl_ffc_uid_to_dh_named_group(gen));
if (name == NULL)
return 0;
@@ -208,7 +200,7 @@ int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH,
EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_DH_NID, nid, NULL);
- name = ossl_ffc_named_group_from_uid(nid);
+ name = ossl_ffc_named_group_get_name(ossl_ffc_uid_to_dh_named_group(nid));
if (name == NULL)
return 0;
@@ -218,6 +210,28 @@ int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid)
return EVP_PKEY_CTX_set_params(ctx, params);
}
+int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad)
+{
+ OSSL_PARAM dh_pad_params[2];
+ unsigned int upad = pad;
+
+ /* We use EVP_PKEY_CTX_ctrl return values */
+ if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ return -2;
+ }
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_DH_PAD, pad, NULL);
+
+ dh_pad_params[0] = OSSL_PARAM_construct_uint(OSSL_EXCHANGE_PARAM_PAD,
&upad);
+ dh_pad_params[1] = OSSL_PARAM_construct_end();
+
+ return EVP_PKEY_CTX_set_params(ctx, dh_pad_params);
+}
+
int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf)
{
int ret;
diff --git a/crypto/evp/dh_support.c b/crypto/evp/dh_support.c
new file mode 100644
index 0000000000..212cf908eb
--- /dev/null
+++ b/crypto/evp/dh_support.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h> /* strcmp */
+#include <openssl/dh.h>
+#include "internal/nelem.h"
+#include "crypto/dh.h"
+
+typedef struct dh_name2id_st{
+ const char *name;
+ int id;
+} DH_GENTYPE_NAME2ID;
+
+static const DH_GENTYPE_NAME2ID dhtype2id[]=
+{
+ { "fips186_4", DH_PARAMGEN_TYPE_FIPS_186_4 },
+ { "fips186_2", DH_PARAMGEN_TYPE_FIPS_186_2 },
+ { "group", DH_PARAMGEN_TYPE_GROUP },
+ { "generator", DH_PARAMGEN_TYPE_GENERATOR }
+};
+
+const char *dh_gen_type_id2name(int id)
+{
+ size_t i;
+
+ for (i = 0; i < OSSL_NELEM(dhtype2id); ++i) {
+ if (dhtype2id[i].id == id)
+ return dhtype2id[i].name;
+ }
+ return NULL;
+}
+
+int dh_gen_type_name2id(const char *name)
+{
+ size_t i;
+
+ for (i = 0; i < OSSL_NELEM(dhtype2id); ++i) {
+ if (strcmp(dhtype2id[i].name, name) == 0)
+ return dhtype2id[i].id;
+ }
+ return -1;
+}
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index b0ce61f935..1d16c52060 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -94,12 +94,8 @@ EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const
ASN1_OCTET_STRING *id,
goto err;
}
-# ifndef OPENSSL_NO_EC
- if (id != NULL && EVP_PKEY_CTX_set1_id(pctx, id->data, id->length) <= 0) {
- ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
+ if (id != NULL && EVP_PKEY_CTX_set1_id(pctx, id->data, id->length) <= 0)
goto err;
- }
-# endif
EVP_MD_CTX_set_pkey_ctx(ctx, pctx);
return ctx;
diff --git a/crypto/ec/ec_ctrl.c b/crypto/evp/ec_ctrl.c
similarity index 99%
rename from crypto/ec/ec_ctrl.c
rename to crypto/evp/ec_ctrl.c
index 1465af2bec..541d8549d4 100644
--- a/crypto/ec/ec_ctrl.c
+++ b/crypto/evp/ec_ctrl.c
@@ -9,13 +9,11 @@
#include <string.h>
-#include <openssl/err.h>
-#include <openssl/opensslv.h>
-
#include <openssl/core_names.h>
+#include <openssl/err.h>
+#include <openssl/ec.h>
#include "crypto/evp.h"
-
-#include "ec_local.h"
+#include "crypto/ec.h"
/*
* This file is meant to contain functions to provide EVP_PKEY support for EC
diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c
new file mode 100644
index 0000000000..7afd307435
--- /dev/null
+++ b/crypto/evp/ec_support.c
@@ -0,0 +1,195 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/ec.h>
+#include "crypto/ec.h"
+#include "e_os.h" /* strcasecmp required by windows */
+
+typedef struct ec_name2nid_st {
+ const char *name;
+ int nid;
+} EC_NAME2NID;
+
+static const EC_NAME2NID curve_list[] = {
+ /* prime field curves */
+ /* secg curves */
+ {"secp112r1", NID_secp112r1 },
+ {"secp112r2", NID_secp112r2 },
+ {"secp128r1", NID_secp128r1 },
+ {"secp128r2", NID_secp128r2 },
+ {"secp160k1", NID_secp160k1 },
+ {"secp160r1", NID_secp160r1 },
+ {"secp160r2", NID_secp160r2 },
+ {"secp192k1", NID_secp192k1 },
+ {"secp224k1", NID_secp224k1 },
+ {"secp224r1", NID_secp224r1 },
+ {"secp256k1", NID_secp256k1 },
+ {"secp384r1", NID_secp384r1 },
+ {"secp521r1", NID_secp521r1 },
+ /* X9.62 curves */
+ {"prime192v1", NID_X9_62_prime192v1 },
+ {"prime192v2", NID_X9_62_prime192v2 },
+ {"prime192v3", NID_X9_62_prime192v3 },
+ {"prime239v1", NID_X9_62_prime239v1 },
+ {"prime239v2", NID_X9_62_prime239v2 },
+ {"prime239v3", NID_X9_62_prime239v3 },
+ {"prime256v1", NID_X9_62_prime256v1 },
+ /* characteristic two field curves */
+ /* NIST/SECG curves */
+ {"sect113r1", NID_sect113r1 },
+ {"sect113r2", NID_sect113r2 },
+ {"sect131r1", NID_sect131r1 },
+ {"sect131r2", NID_sect131r2 },
+ {"sect163k1", NID_sect163k1 },
+ {"sect163r1", NID_sect163r1 },
+ {"sect163r2", NID_sect163r2 },
+ {"sect193r1", NID_sect193r1 },
+ {"sect193r2", NID_sect193r2 },
+ {"sect233k1", NID_sect233k1 },
+ {"sect233r1", NID_sect233r1 },
+ {"sect239k1", NID_sect239k1 },
+ {"sect283k1", NID_sect283k1 },
+ {"sect283r1", NID_sect283r1 },
+ {"sect409k1", NID_sect409k1 },
+ {"sect409r1", NID_sect409r1 },
+ {"sect571k1", NID_sect571k1 },
+ {"sect571r1", NID_sect571r1 },
+ /* X9.62 curves */
+ {"c2pnb163v1", NID_X9_62_c2pnb163v1 },
+ {"c2pnb163v2", NID_X9_62_c2pnb163v2 },
+ {"c2pnb163v3", NID_X9_62_c2pnb163v3 },
+ {"c2pnb176v1", NID_X9_62_c2pnb176v1 },
+ {"c2tnb191v1", NID_X9_62_c2tnb191v1 },
+ {"c2tnb191v2", NID_X9_62_c2tnb191v2 },
+ {"c2tnb191v3", NID_X9_62_c2tnb191v3 },
+ {"c2pnb208w1", NID_X9_62_c2pnb208w1 },
+ {"c2tnb239v1", NID_X9_62_c2tnb239v1 },
+ {"c2tnb239v2", NID_X9_62_c2tnb239v2 },
+ {"c2tnb239v3", NID_X9_62_c2tnb239v3 },
+ {"c2pnb272w1", NID_X9_62_c2pnb272w1 },
+ {"c2pnb304w1", NID_X9_62_c2pnb304w1 },
+ {"c2tnb359v1", NID_X9_62_c2tnb359v1 },
+ {"c2pnb368w1", NID_X9_62_c2pnb368w1 },
+ {"c2tnb431r1", NID_X9_62_c2tnb431r1 },
+ /*
+ * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves
+ * from X9.62]
+ */
+ {"wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 },
+ {"wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 },
+ {"wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 },
+ {"wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 },
+ {"wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 },
+ {"wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 },
+ {"wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 },
+ {"wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 },
+ {"wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 },
+ {"wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 },
+ {"wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 },
+ /* IPSec curves */
+ {"Oakley-EC2N-3", NID_ipsec3 },
+ {"Oakley-EC2N-4", NID_ipsec4 },
+ /* brainpool curves */
+ {"brainpoolP160r1", NID_brainpoolP160r1 },
+ {"brainpoolP160t1", NID_brainpoolP160t1 },
+ {"brainpoolP192r1", NID_brainpoolP192r1 },
+ {"brainpoolP192t1", NID_brainpoolP192t1 },
+ {"brainpoolP224r1", NID_brainpoolP224r1 },
+ {"brainpoolP224t1", NID_brainpoolP224t1 },
+ {"brainpoolP256r1", NID_brainpoolP256r1 },
+ {"brainpoolP256t1", NID_brainpoolP256t1 },
+ {"brainpoolP320r1", NID_brainpoolP320r1 },
+ {"brainpoolP320t1", NID_brainpoolP320t1 },
+ {"brainpoolP384r1", NID_brainpoolP384r1 },
+ {"brainpoolP384t1", NID_brainpoolP384t1 },
+ {"brainpoolP512r1", NID_brainpoolP512r1 },
+ {"brainpoolP512t1", NID_brainpoolP512t1 },
+ /* SM2 curve */
+ {"SM2", NID_sm2 },
+};
+
+const char *ec_curve_nid2name(int nid)
+{
+ size_t i;
+
+ if (nid <= 0)
+ return NULL;
+
+ /*
+ * TODO(3.0) Figure out if we should try to find the nid with
+ * EC_curve_nid2nist() first, i.e. make it a priority to return
+ * NIST names if there is one for the NID. This is related to
+ * the TODO comment in ec_curve_name2nid().
+ */
+
+ for (i = 0; i < OSSL_NELEM(curve_list); i++) {
+ if (curve_list[i].nid == nid)
+ return curve_list[i].name;
+ }
+ return NULL;
+}
+
+int ec_curve_name2nid(const char *name)
+{
+ size_t i;
+ int nid;
+
+ if (name != NULL) {
+ if ((nid = ec_curve_nist2nid_int(name)) != NID_undef)
+ return nid;
+
+ for (i = 0; i < OSSL_NELEM(curve_list); i++) {
+ if (strcasecmp(curve_list[i].name, name) == 0)
+ return curve_list[i].nid;
+ }
+ }
+
+ return NID_undef;
+}
+
+/* Functions to translate between common NIST curve names and NIDs */
+
+static const EC_NAME2NID nist_curves[] = {
+ {"B-163", NID_sect163r2},
+ {"B-233", NID_sect233r1},
+ {"B-283", NID_sect283r1},
+ {"B-409", NID_sect409r1},
+ {"B-571", NID_sect571r1},
+ {"K-163", NID_sect163k1},
+ {"K-233", NID_sect233k1},
+ {"K-283", NID_sect283k1},
+ {"K-409", NID_sect409k1},
+ {"K-571", NID_sect571k1},
+ {"P-192", NID_X9_62_prime192v1},
+ {"P-224", NID_secp224r1},
+ {"P-256", NID_X9_62_prime256v1},
+ {"P-384", NID_secp384r1},
+ {"P-521", NID_secp521r1}
+};
+
+const char *ec_curve_nid2nist_int(int nid)
+{
+ size_t i;
+ for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
+ if (nist_curves[i].nid == nid)
+ return nist_curves[i].name;
+ }
+ return NULL;
+}
+
+int ec_curve_nist2nid_int(const char *name)
+{
+ size_t i;
+ for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
+ if (strcmp(nist_curves[i].name, name) == 0)
+ return nist_curves[i].nid;
+ }
+ return NID_undef;
+}
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 7947d05907..48fa330ac3 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -1008,20 +1008,16 @@ int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx,
const char *name)
/* Could be a legacy key, try and convert to a ctrl */
if (ctx->pmeth != NULL && (nid = OBJ_txt2nid(name)) != NID_undef) {
-# ifndef OPENSSL_NO_DH
if (ctx->pmeth->pkey_id == EVP_PKEY_DH)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH,
EVP_PKEY_OP_PARAMGEN
| EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_DH_NID, nid, NULL);
-# endif
-# ifndef OPENSSL_NO_EC
if (ctx->pmeth->pkey_id == EVP_PKEY_EC)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID,
nid, NULL);
-# endif
}
#endif
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 6211019b62..326c58c8aa 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -35,6 +35,7 @@
#include "internal/ffc.h"
#include "crypto/asn1.h"
#include "crypto/evp.h"
+#include "crypto/ec.h"
#include "crypto/ecx.h"
#include "internal/provider.h"
#include "evp_local.h"
@@ -1241,8 +1242,12 @@ int EVP_PKEY_get_group_name(const EVP_PKEY *pkey, char
*gname, size_t gname_sz,
DH *dh = EVP_PKEY_get0_DH(pkey);
int uid = DH_get_nid(dh);
- if (uid != NID_undef)
- name = ossl_ffc_named_group_from_uid(uid);
+ if (uid != NID_undef) {
+ const DH_NAMED_GROUP *dh_group =
+ ossl_ffc_uid_to_dh_named_group(uid);
+
+ name = ossl_ffc_named_group_get_name(dh_group);
+ }
}
break;
#endif
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 7364a148a6..f817173555 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -834,30 +834,6 @@ int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx,
OSSL_PARAM *params)
return EVP_PKEY_CTX_get_params(ctx, params);
}
-# ifndef OPENSSL_NO_DH
-int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad)
-{
- OSSL_PARAM dh_pad_params[2];
- unsigned int upad = pad;
-
- /* We use EVP_PKEY_CTX_ctrl return values */
- if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
- ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
- return -2;
- }
-
- /* TODO(3.0): Remove this eventually when no more legacy */
- if (ctx->op.kex.exchprovctx == NULL)
- return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE,
- EVP_PKEY_CTRL_DH_PAD, pad, NULL);
-
- dh_pad_params[0] = OSSL_PARAM_construct_uint(OSSL_EXCHANGE_PARAM_PAD,
&upad);
- dh_pad_params[1] = OSSL_PARAM_construct_end();
-
- return EVP_PKEY_CTX_set_params(ctx, dh_pad_params);
-}
-# endif
-
int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md)
{
OSSL_PARAM sig_md_params[2], *p = sig_md_params;
@@ -1252,7 +1228,6 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int
keytype, int optype,
return evp_pkey_ctx_get1_id_len_prov(ctx, p2);
}
-# ifndef OPENSSL_NO_DH
if (keytype == EVP_PKEY_DHX) {
switch (cmd) {
case EVP_PKEY_CTRL_DH_KDF_TYPE:
@@ -1291,8 +1266,6 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int
keytype, int optype,
return EVP_PKEY_CTX_set_dh_rfc5114(ctx, p1);
}
}
-# endif
-# ifndef OPENSSL_NO_DSA
if (keytype == EVP_PKEY_DSA) {
switch (cmd) {
case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS:
@@ -1303,8 +1276,6 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int
keytype, int optype,
return EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, p2);
}
}
-# endif
-# ifndef OPENSSL_NO_EC
if (keytype == EVP_PKEY_EC) {
switch (cmd) {
case EVP_PKEY_CTRL_EC_PARAM_ENC:
@@ -1340,7 +1311,6 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int
keytype, int optype,
return EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p2, p1);
}
}
-# endif
if (keytype == EVP_PKEY_RSA) {
switch (cmd) {
case EVP_PKEY_CTRL_RSA_OAEP_MD:
@@ -1571,15 +1541,12 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx,
const char *name,
name = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST;
else if (strcmp(name, "rsa_pss_keygen_saltlen") == 0)
name = OSSL_PKEY_PARAM_RSA_PSS_SALTLEN;
-# ifndef OPENSSL_NO_DSA
else if (strcmp(name, "dsa_paramgen_bits") == 0)
name = OSSL_PKEY_PARAM_FFC_PBITS;
else if (strcmp(name, "dsa_paramgen_q_bits") == 0)
name = OSSL_PKEY_PARAM_FFC_QBITS;
else if (strcmp(name, "dsa_paramgen_md") == 0)
name = OSSL_PKEY_PARAM_FFC_DIGEST;
-# endif
-# ifndef OPENSSL_NO_DH
else if (strcmp(name, "dh_paramgen_generator") == 0)
name = OSSL_PKEY_PARAM_DH_GENERATOR;
else if (strcmp(name, "dh_paramgen_prime_len") == 0)
@@ -1592,12 +1559,13 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx,
const char *name,
} else if (strcmp(name, "dh_param") == 0)
name = OSSL_PKEY_PARAM_GROUP_NAME;
else if (strcmp(name, "dh_rfc5114") == 0) {
+ int num = atoi(value);
+
name = OSSL_PKEY_PARAM_GROUP_NAME;
- value = ossl_ffc_named_group_from_uid(atoi(value));
+ value =
+ ossl_ffc_named_group_get_name(ossl_ffc_uid_to_dh_named_group(num));
} else if (strcmp(name, "dh_pad") == 0)
name = OSSL_EXCHANGE_PARAM_PAD;
-# endif
-# ifndef OPENSSL_NO_EC
else if (strcmp(name, "ec_paramgen_curve") == 0)
name = OSSL_PKEY_PARAM_GROUP_NAME;
else if (strcmp(name, "ecdh_cofactor_mode") == 0)
@@ -1606,7 +1574,6 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx,
const char *name,
name = OSSL_EXCHANGE_PARAM_KDF_DIGEST;
else if (strcmp(name, "ec_param_enc") == 0)
name = OSSL_PKEY_PARAM_EC_ENCODING;
-# endif
else if (strcmp(name, "N") == 0)
name = OSSL_KDF_PARAM_SCRYPT_N;
diff --git a/crypto/ffc/build.info b/crypto/ffc/build.info
index a04430d1d1..61cca17c5f 100644
--- a/crypto/ffc/build.info
+++ b/crypto/ffc/build.info
@@ -1,7 +1,8 @@
LIBS=../../libcrypto
-$COMMON=ffc_params.c ffc_params_generate.c ffc_key_generate.c\
- ffc_params_validate.c ffc_key_validate.c ffc_backend.c
+$COMMON=ffc_params.c ffc_params_generate.c ffc_key_generate.c \
+ ffc_params_validate.c ffc_key_validate.c ffc_backend.c \
+ ffc_dh.c
SOURCE[../../libcrypto]=$COMMON
SOURCE[../../providers/libfips.a]=$COMMON
diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c
index fddd41557e..43825d9216 100644
--- a/crypto/ffc/ffc_backend.c
+++ b/crypto/ffc/ffc_backend.c
@@ -29,14 +29,16 @@ int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const
OSSL_PARAM params[])
prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
if (prm != NULL) {
- if (prm->data_type != OSSL_PARAM_UTF8_STRING)
- goto err;
-#ifndef OPENSSL_NO_DH
/*
* In a no-dh build we just go straight to err because we have no
* support for this.
*/
- if (!ossl_ffc_set_group_pqg(ffc, prm->data))
+#ifndef OPENSSL_NO_DH
+ const DH_NAMED_GROUP *group = NULL;
+
+ if (prm->data_type != OSSL_PARAM_UTF8_STRING
+ || (group = ossl_ffc_name_to_dh_named_group(prm->data)) == NULL
+ || !ossl_ffc_named_group_set_pqg(ffc, group))
#endif
goto err;
}
diff --git a/crypto/ffc/ffc_dh.c b/crypto/ffc/ffc_dh.c
new file mode 100644
index 0000000000..313466b0ea
--- /dev/null
+++ b/crypto/ffc/ffc_dh.c
@@ -0,0 +1,154 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/ffc.h"
+#include "internal/nelem.h"
+#include "crypto/bn_dh.h"
+#include "e_os.h" /* strcasecmp */
+
+#ifndef OPENSSL_NO_DH
+
+# define FFDHE(sz) { \
+ SN_ffdhe##sz, NID_ffdhe##sz, \
+ sz, \
+ &_bignum_ffdhe##sz##_p, &_bignum_ffdhe##sz##_q, &_bignum_const_2, \
+ }
+
+# define MODP(sz) { \
+ SN_modp_##sz, NID_modp_##sz, \
+ sz, \
+ &_bignum_modp_##sz##_p, &_bignum_modp_##sz##_q, &_bignum_const_2 \
+ }
+
+# define RFC5114(name, uid, sz, tag) { \
+ name, uid, \
+ sz, \
+ &_bignum_dh##tag##_p, &_bignum_dh##tag##_q, &_bignum_dh##tag##_g \
+ }
+
+#else
+
+# define FFDHE(sz) { SN_ffdhe##sz, NID_ffdhe##sz }
+# define MODP(sz) { SN_modp_##sz, NID_modp_##sz }
+# define RFC5114(name, uid, sz, tag) { name, uid }
+
+#endif
+
+struct dh_named_group_st {
+ const char *name;
+ int uid;
+#ifndef OPENSSL_NO_DH
+ int32_t nbits;
+ const BIGNUM *p;
+ const BIGNUM *q;
+ const BIGNUM *g;
+#endif
+};
+
+static const DH_NAMED_GROUP dh_named_groups[] = {
+ FFDHE(2048),
+ FFDHE(3072),
+ FFDHE(4096),
+ FFDHE(6144),
+ FFDHE(8192),
+#ifndef FIPS_MODULE
+ MODP(1536),
+#endif
+ MODP(2048),
+ MODP(3072),
+ MODP(4096),
+ MODP(6144),
+ MODP(8192),
+ /*
+ * Additional dh named groups from RFC 5114 that have a different g.
+ * The uid can be any unique identifier.
+ */
+#ifndef FIPS_MODULE
+ RFC5114("dh_1024_160", 1, 1024, 1024_160),
+ RFC5114("dh_2048_224", 2, 2048, 2048_224),
+ RFC5114("dh_2048_256", 3, 2048, 2048_256),
+#endif
+};
+
+const DH_NAMED_GROUP *ossl_ffc_name_to_dh_named_group(const char *name)
+{
+ size_t i;
+
+ for (i = 0; i < OSSL_NELEM(dh_named_groups); ++i) {
+ if (strcasecmp(dh_named_groups[i].name, name) == 0)
+ return &dh_named_groups[i];
+ }
+ return NULL;
+}
+
+const DH_NAMED_GROUP *ossl_ffc_uid_to_dh_named_group(int uid)
+{
+ size_t i;
+
+ for (i = 0; i < OSSL_NELEM(dh_named_groups); ++i) {
+ if (dh_named_groups[i].uid == uid)
+ return &dh_named_groups[i];
+ }
+ return NULL;
+}
+
+#ifndef OPENSSL_NO_DH
+const DH_NAMED_GROUP *ossl_ffc_numbers_to_dh_named_group(const BIGNUM *p,
+ const BIGNUM *q,
+ const BIGNUM *g)
+{
+ size_t i;
+
+ for (i = 0; i < OSSL_NELEM(dh_named_groups); ++i) {
+ /* Keep searching until a matching p and g is found */
+ if (BN_cmp(p, dh_named_groups[i].p) == 0
+ && BN_cmp(g, dh_named_groups[i].g) == 0
+ /* Verify q is correct if it exists */
+ && (q == NULL || BN_cmp(q, dh_named_groups[i].q) == 0))
+ return &dh_named_groups[i];
+ }
+ return NULL;
+}
+#endif
+
+int ossl_ffc_named_group_get_uid(const DH_NAMED_GROUP *group)
+{
+ if (group == NULL)
+ return NID_undef;
+ return group->uid;
+}
+
+const char *ossl_ffc_named_group_get_name(const DH_NAMED_GROUP *group)
+{
+ if (group == NULL)
+ return NULL;
+ return group->name;
+}
+
+#ifndef OPENSSL_NO_DH
+const BIGNUM *ossl_ffc_named_group_get_q(const DH_NAMED_GROUP *group)
+{
+ if (group == NULL)
+ return NULL;
+ return group->q;
+}
+
+int ossl_ffc_named_group_set_pqg(FFC_PARAMS *ffc, const DH_NAMED_GROUP *group)
+{
+ if (ffc == NULL || group == NULL)
+ return 0;
+
+ ossl_ffc_params_set0_pqg(ffc, (BIGNUM *)group->p, (BIGNUM *)group->q,
+ (BIGNUM *)group->g);
+
+ /* flush the cached nid, The DH layer is responsible for caching */
+ ffc->nid = NID_undef;
+ return 1;
+}
+#endif
diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c
index edcb44b152..43064c0222 100644
--- a/crypto/ffc/ffc_params.c
+++ b/crypto/ffc/ffc_params.c
@@ -269,18 +269,14 @@ int ossl_ffc_params_todata(const FFC_PARAMS *ffc,
OSSL_PARAM_BLD *bld,
ffc->seed, ffc->seedlen))
return 0;
if (ffc->nid != NID_undef) {
-#ifndef OPENSSL_NO_DH
- const char *name = ossl_ffc_named_group_from_uid(ffc->nid);
+ const DH_NAMED_GROUP *group = ossl_ffc_uid_to_dh_named_group(ffc->nid);
+ const char *name = ossl_ffc_named_group_get_name(group);
if (name == NULL
|| !ossl_param_build_set_utf8_string(bld, params,
OSSL_PKEY_PARAM_GROUP_NAME,
name))
return 0;
-#else
- /* How could this be? We should not have a nid in a no-dh build. */
- return 0;
-#endif
}
if (!ossl_param_build_set_utf8_string(bld, params,
OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE,
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index 3d59026832..f3764e4179 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -96,19 +96,6 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
ERR_raise(ERR_LIB_X509, X509_R_KEY_TYPE_MISMATCH);
break;
case -2:
-#ifndef OPENSSL_NO_EC
- if (EVP_PKEY_id(k) == EVP_PKEY_EC) {
- ERR_raise(ERR_LIB_X509, ERR_R_EC_LIB);
- break;
- }
-#endif
-#ifndef OPENSSL_NO_DH
- if (EVP_PKEY_id(k) == EVP_PKEY_DH) {
- /* No idea */
- ERR_raise(ERR_LIB_X509, X509_R_CANT_CHECK_DH_KEY);
- break;
- }
-#endif
ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_KEY_TYPE);
}
diff --git a/include/crypto/dh.h b/include/crypto/dh.h
index 0bd6516e3f..3afe16935f 100644
--- a/include/crypto/dh.h
+++ b/include/crypto/dh.h
@@ -21,6 +21,7 @@ int dh_generate_public_key(BN_CTX *ctx, const DH *dh, const
BIGNUM *priv_key,
BIGNUM *pub_key);
int dh_get_named_group_uid_from_size(int pbits);
const char *dh_gen_type_id2name(int id);
+int dh_gen_type_name2id(const char *name);
void dh_cache_named_group(DH *dh);
FFC_PARAMS *dh_get0_params(DH *dh);
diff --git a/include/crypto/ec.h b/include/crypto/ec.h
index ffd5f19071..451a3751a1 100644
--- a/include/crypto/ec.h
+++ b/include/crypto/ec.h
@@ -12,6 +12,13 @@
#ifndef OSSL_CRYPTO_EC_H
# define OSSL_CRYPTO_EC_H
# include <openssl/opensslconf.h>
+# include <openssl/evp.h>
+
+const char *ec_curve_nid2name(int nid);
+int ec_curve_name2nid(const char *name);
+const char *ec_curve_nid2nist_int(int nid);
+int ec_curve_nist2nid_int(const char *name);
+int evp_pkey_ctx_set_ec_param_enc_prov(EVP_PKEY_CTX *ctx, int param_enc);
# ifndef OPENSSL_NO_EC
# include <openssl/core.h>
@@ -54,8 +61,6 @@ int ec_key_private_check(const EC_KEY *eckey);
int ec_key_pairwise_check(const EC_KEY *eckey, BN_CTX *ctx);
OSSL_LIB_CTX *ec_key_get_libctx(const EC_KEY *eckey);
const char *ec_key_get0_propq(const EC_KEY *eckey);
-const char *ec_curve_nid2name(int nid);
-int ec_curve_name2nid(const char *name);
/* Backend support */
int ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
@@ -68,7 +73,5 @@ int ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM
params[]);
int ec_set_ecdh_cofactor_mode(EC_KEY *ec, int mode);
int ec_encoding_name2id(const char *name);
-int evp_pkey_ctx_set_ec_param_enc_prov(EVP_PKEY_CTX *ctx, int param_enc);
-
# endif /* OPENSSL_NO_EC */
#endif
diff --git a/include/internal/ffc.h b/include/internal/ffc.h
index 3e5d98f8e1..191f9369f1 100644
--- a/include/internal/ffc.h
+++ b/include/internal/ffc.h
@@ -188,10 +188,22 @@ int ossl_ffc_validate_private_key(const BIGNUM *upper,
const BIGNUM *priv_key,
int ossl_ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *tmpl,
OSSL_PARAM params[]);
int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]);
-int ossl_ffc_set_group_pqg(FFC_PARAMS *ffc, const char *group_name);
-int ossl_ffc_named_group_to_uid(const char *name);
-const char *ossl_ffc_named_group_from_uid(int nid);
-int ossl_ffc_set_group_pqg(FFC_PARAMS *ffc, const char *group_name);
+
+typedef struct dh_named_group_st DH_NAMED_GROUP;
+const DH_NAMED_GROUP *ossl_ffc_name_to_dh_named_group(const char *name);
+const DH_NAMED_GROUP *ossl_ffc_uid_to_dh_named_group(int uid);
+#ifndef OPENSSL_NO_DH
+const DH_NAMED_GROUP *ossl_ffc_numbers_to_dh_named_group(const BIGNUM *p,
+ const BIGNUM *q,
+ const BIGNUM *g);
+#endif
+int ossl_ffc_named_group_get_uid(const DH_NAMED_GROUP *group);
+const char *ossl_ffc_named_group_get_name(const DH_NAMED_GROUP *);
+#ifndef OPENSSL_NO_DH
+const BIGNUM *ossl_ffc_named_group_get_q(const DH_NAMED_GROUP *group);
+int ossl_ffc_named_group_set_pqg(FFC_PARAMS *ffc, const DH_NAMED_GROUP *group);
+#endif
+
const char *ossl_ffc_params_flags_to_name(int flags);
int ossl_ffc_params_flags_from_name(const char *name);
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index d06fea6a23..67ba0aa687 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -17,21 +17,74 @@
# endif
# include <openssl/opensslconf.h>
+# include <openssl/types.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+#include <stdlib.h>
+
+/* DH parameter generation types used by EVP_PKEY_CTX_set_dh_paramgen_type() */
+# define DH_PARAMGEN_TYPE_GENERATOR 0 /* Use a safe prime generator */
+# define DH_PARAMGEN_TYPE_FIPS_186_2 1 /* Use FIPS186-2 standard */
+# define DH_PARAMGEN_TYPE_FIPS_186_4 2 /* Use FIPS186-4 standard */
+# define DH_PARAMGEN_TYPE_GROUP 3 /* Use a named safe prime group */
+
+int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int typ);
+int EVP_PKEY_CTX_set_dh_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex);
+int EVP_PKEY_CTX_set_dh_paramgen_seed(EVP_PKEY_CTX *ctx,
+ const unsigned char *seed,
+ size_t seedlen);
+int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int pbits);
+int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int qlen);
+int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen);
+int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid);
+int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen);
+int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int gen);
+int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad);
+
+int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
+int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid);
+int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid);
+int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
+int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
+int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int
len);
+int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
+
+# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13)
+# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14)
+# define EVP_PKEY_CTRL_DH_NID (EVP_PKEY_ALG_CTRL + 15)
+# define EVP_PKEY_CTRL_DH_PAD (EVP_PKEY_ALG_CTRL + 16)
+
+/* KDF types */
+# define EVP_PKEY_DH_KDF_NONE 1
+# define EVP_PKEY_DH_KDF_X9_42 2
# ifndef OPENSSL_NO_DH
# include <openssl/e_os2.h>
# include <openssl/bio.h>
# include <openssl/asn1.h>
-# include <openssl/types.h>
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
# include <openssl/bn.h>
# endif
# include <openssl/dherr.h>
-# ifdef __cplusplus
-extern "C" {
-# endif
-
# ifndef OPENSSL_DH_MAX_MODULUS_BITS
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
# endif
@@ -107,12 +160,6 @@ DECLARE_ASN1_ITEM(DHparams)
*/
# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
-/* DH parameter generation types used by EVP_PKEY_CTX_set_dh_paramgen_type() */
-# define DH_PARAMGEN_TYPE_GENERATOR 0 /* Use a safe prime generator */
-# define DH_PARAMGEN_TYPE_FIPS_186_2 1 /* Use FIPS186-2 standard */
-# define DH_PARAMGEN_TYPE_FIPS_186_4 2 /* Use FIPS186-4 standard */
-# define DH_PARAMGEN_TYPE_GROUP 3 /* Use a named safe prime group */
-
# define d2i_DHparams_fp(fp, x) \
(DH *)ASN1_d2i_fp((char *(*)())DH_new, \
(char *(*)())d2i_DHparams, \
@@ -271,53 +318,8 @@ OSSL_DEPRECATEDIN_0_9_8 DH *DH_generate_parameters(int
prime_len, int generator,
void *cb_arg);
# endif
-int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int typ);
-int EVP_PKEY_CTX_set_dh_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex);
-int EVP_PKEY_CTX_set_dh_paramgen_seed(EVP_PKEY_CTX *ctx,
- const unsigned char *seed,
- size_t seedlen);
-int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int pbits);
-int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int qlen);
-int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen);
-int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid);
-int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen);
-int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int gen);
-int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad);
-
-int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
-int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid);
-int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid);
-int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
-int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
-int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
-int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
-int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int
len);
-int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
-
-# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1)
-# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2)
-# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3)
-# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4)
-# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5)
-# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6)
-# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7)
-# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8)
-# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9)
-# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10)
-# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11)
-# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12)
-# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13)
-# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14)
-# define EVP_PKEY_CTRL_DH_NID (EVP_PKEY_ALG_CTRL + 15)
-# define EVP_PKEY_CTRL_DH_PAD (EVP_PKEY_ALG_CTRL + 16)
-
-/* KDF types */
-# define EVP_PKEY_DH_KDF_NONE 1
-# define EVP_PKEY_DH_KDF_X9_42 2
-
-# ifdef __cplusplus
+# endif
+# ifdef __cplusplus
}
-# endif
# endif
#endif
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 2933d7503a..1f01c09fb2 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -18,6 +18,55 @@
# endif
# include <openssl/opensslconf.h>
+# include <openssl/types.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* Values for EVP_PKEY_CTX_set_ec_param_enc() */
+# define OPENSSL_EC_EXPLICIT_CURVE 0x000
+# define OPENSSL_EC_NAMED_CURVE 0x001
+
+int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
+int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc);
+int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode);
+int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
+int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+
+int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
+int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
+
+int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm,
+ int len);
+int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
+
+# define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10)
+
+/* KDF types */
+# define EVP_PKEY_ECDH_KDF_NONE 1
+# define EVP_PKEY_ECDH_KDF_X9_63 2
+/*
+ * The old name for EVP_PKEY_ECDH_KDF_X9_63
+ * The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
+ * it is actually specified in ANSI X9.63.
+ * This identifier is retained for backwards compatibility
+ */
+# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63
# ifndef OPENSSL_NO_EC
# include <openssl/asn1.h>
@@ -26,9 +75,6 @@
# include <openssl/bn.h>
# endif
# include <openssl/ecerr.h>
-# ifdef __cplusplus
-extern "C" {
-# endif
# ifndef OPENSSL_ECC_MAX_FIELD_BITS
# define OPENSSL_ECC_MAX_FIELD_BITS 661
@@ -847,9 +893,6 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *,
unsigned int *k1,
unsigned int *k2, unsigned int *k3);
# endif
-# define OPENSSL_EC_EXPLICIT_CURVE 0x000
-# define OPENSSL_EC_NAMED_CURVE 0x001
-
EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
@@ -1478,47 +1521,8 @@ DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_verify
# endif
# endif
-int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
-int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc);
-int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode);
-int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx);
-
-int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
-int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx);
-
-int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
-int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
-
-int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
-int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
-
-int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm,
- int len);
-int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
-
-# define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1)
-# define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2)
-# define EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3)
-# define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4)
-# define EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5)
-# define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6)
-# define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7)
-# define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8)
-# define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9)
-# define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10)
-
-/* KDF types */
-# define EVP_PKEY_ECDH_KDF_NONE 1
-# define EVP_PKEY_ECDH_KDF_X9_63 2
-/** The old name for EVP_PKEY_ECDH_KDF_X9_63
- * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
- * it is actually specified in ANSI X9.63.
- * This identifier is retained for backwards compatibility
- */
-# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63
-
-# ifdef __cplusplus
+# endif
+# ifdef __cplusplus
}
-# endif
# endif
#endif
diff --git a/providers/implementations/encode_decode/encode_key2any.c
b/providers/implementations/encode_decode/encode_key2any.c
index 30837612cc..ee2930852e 100644
--- a/providers/implementations/encode_decode/encode_key2any.c
+++ b/providers/implementations/encode_decode/encode_key2any.c
@@ -36,6 +36,10 @@
#include "prov/der_rsa.h"
#include "endecoder_local.h"
+#if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
+# define OPENSSL_NO_KEYPARAMS
+#endif
+
struct key2any_ctx_st {
PROV_CTX *provctx;
@@ -330,8 +334,7 @@ static int key_to_type_specific_pem_pub_bio(BIO *out, const
void *key,
p2s, k2d, ctx, NULL, NULL);
}
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) \
- || !defined(OPENSSL_NO_EC)
+#ifndef OPENSSL_NO_KEYPARAMS
static int key_to_type_specific_pem_param_bio(BIO *out, const void *key,
int key_nid, const char *pemname,
key_to_paramstring_fn *p2s,
diff --git a/providers/implementations/encode_decode/encode_key2text.c
b/providers/implementations/encode_decode/encode_key2text.c
index 2ac5046bf3..49bbf8c2af 100644
--- a/providers/implementations/encode_decode/encode_key2text.c
+++ b/providers/implementations/encode_decode/encode_key2text.c
@@ -159,7 +159,8 @@ static int ffc_params_to_text(BIO *out, const FFC_PARAMS
*ffc)
{
if (ffc->nid != NID_undef) {
#ifndef OPENSSL_NO_DH
- const char *name = ossl_ffc_named_group_from_uid(ffc->nid);
+ const DH_NAMED_GROUP *group = ossl_ffc_uid_to_dh_named_group(ffc->nid);
+ const char *name = ossl_ffc_named_group_get_name(group);
if (name == NULL)
goto err;
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c
b/providers/implementations/keymgmt/dh_kmgmt.c
index dc0f3b2acd..1d674a14bf 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -23,7 +23,6 @@
#include "prov/provider_ctx.h"
#include "crypto/dh.h"
#include "internal/sizes.h"
-#include "internal/nelem.h"
static OSSL_FUNC_keymgmt_new_fn dh_newdata;
static OSSL_FUNC_keymgmt_free_fn dh_freedata;
@@ -76,34 +75,8 @@ struct dh_gen_ctx {
int dh_type;
};
-typedef struct dh_name2id_st{
- const char *name;
- int id;
-} DH_GENTYPE_NAME2ID;
-
-static const DH_GENTYPE_NAME2ID dhtype2id[]=
-{
- { "fips186_4", DH_PARAMGEN_TYPE_FIPS_186_4 },
- { "fips186_2", DH_PARAMGEN_TYPE_FIPS_186_2 },
- { "group", DH_PARAMGEN_TYPE_GROUP },
- { "generator", DH_PARAMGEN_TYPE_GENERATOR }
-};
-
-const char *dh_gen_type_id2name(int id)
+static int dh_gen_type_name2id_w_default(const char *name, int type)
{
- size_t i;
-
- for (i = 0; i < OSSL_NELEM(dhtype2id); ++i) {
- if (dhtype2id[i].id == id)
- return dhtype2id[i].name;
- }
- return NULL;
-}
-
-static int dh_gen_type_name2id(const char *name, int type)
-{
- size_t i;
-
if (strcmp(name, "default") == 0) {
#ifdef FIPS_MODULE
if (type == DH_FLAG_TYPE_DHX)
@@ -118,11 +91,7 @@ static int dh_gen_type_name2id(const char *name, int type)
#endif
}
- for (i = 0; i < OSSL_NELEM(dhtype2id); ++i) {
- if (strcmp(dhtype2id[i].name, name) == 0)
- return dhtype2id[i].id;
- }
- return -1;
+ return dh_gen_type_name2id(name);
}
static void *dh_newdata(void *provctx)
@@ -506,16 +475,21 @@ static int dh_gen_set_params(void *genctx, const
OSSL_PARAM params[])
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_TYPE);
if (p != NULL) {
if (p->data_type != OSSL_PARAM_UTF8_STRING
- || ((gctx->gen_type = dh_gen_type_name2id(p->data,
- gctx->dh_type)) == -1)) {
+ || ((gctx->gen_type =
+ dh_gen_type_name2id_w_default(p->data,
+ gctx->dh_type)) == -1)) {
ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
return 0;
}
}
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
if (p != NULL) {
+ const DH_NAMED_GROUP *group = NULL;
+
if (p->data_type != OSSL_PARAM_UTF8_STRING
- || ((gctx->group_nid = ossl_ffc_named_group_to_uid(p->data)) ==
NID_undef)) {
+ || (group = ossl_ffc_name_to_dh_named_group(p->data)) == NULL
+ || ((gctx->group_nid =
+ ossl_ffc_named_group_get_uid(group)) == NID_undef)) {
ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
return 0;
}
diff --git a/test/endecode_test.c b/test/endecode_test.c
index 6e67dd1835..ad76807d4f 100644
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
@@ -25,6 +25,10 @@
#include "helpers/predefined_dhparams.h"
#include "testutil.h"
+#if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
+# define OPENSSL_NO_KEYPARAMS
+#endif
+
#ifndef OPENSSL_NO_EC
static BN_CTX *bnctx = NULL;
static OSSL_PARAM_BLD *bld_prime_nc = NULL;
@@ -40,8 +44,7 @@ static OSSL_PARAM *ec_explicit_tri_params_explicit = NULL;
# endif
#endif
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) \
- || !defined(OPENSSL_NO_EC)
+#ifndef OPENSSL_NO_KEYPARAMS
static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
{
EVP_PKEY *pkey = NULL;
@@ -513,8 +516,7 @@ static int test_unprotected_via_PEM(const char *type,
EVP_PKEY *key)
dump_pem, 0);
}
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) \
- || !defined(OPENSSL_NO_EC)
+#ifndef OPENSSL_NO_KEYPARAMS
static int check_params_DER(const char *type, const void *data, size_t
data_len)
{
const unsigned char *datap = data;
@@ -569,7 +571,7 @@ static int test_params_via_PEM(const char *type, EVP_PKEY
*key)
test_text, check_params_PEM,
dump_pem, 0);
}
-#endif /* ndef(OPENSSL_NO_DH) || ndef(OPENSSL_NO_DSA) || ndef(OPENSSL_NO_EC) */
+#endif /* !OPENSSL_NO_KEYPARAMS */
static int check_unprotected_legacy_PEM(const char *type,
const void *data, size_t data_len)
diff --git a/test/evp_pkey_dparams_test.c b/test/evp_pkey_dparams_test.c
index b8e9493dca..2b6bd31a66 100644
--- a/test/evp_pkey_dparams_test.c
+++ b/test/evp_pkey_dparams_test.c
@@ -21,7 +21,12 @@
#include <openssl/ec.h>
#include "testutil.h"
-#ifndef OPENSSL_NO_DH
+#if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
+# define OPENSSL_NO_KEYPARAMS
+#endif
+
+#ifndef OPENSSL_NO_KEYPARAMS
+# ifndef OPENSSL_NO_DH
static const unsigned char dhparam_bin[] = {
0x30,0x82,0x01,0x08,0x02,0x82,0x01,0x01,0x00,0xc0,0xd1,0x2e,0x14,0x18,0xbd,0x03,
0xfd,0x39,0xe1,0x99,0xf4,0x93,0x06,0x2d,0x49,0xc6,0xb5,0xb9,0xf0,0x91,0xcb,0x2f,
@@ -41,9 +46,9 @@ static const unsigned char dhparam_bin[] = {
0x06,0x7f,0x7f,0xd7,0x7b,0x42,0x5b,0xba,0x93,0x7a,0xeb,0x43,0x5f,0xce,0x59,0x26,
0xe8,0x76,0xdc,0xee,0xe2,0xbe,0x36,0x7a,0x83,0x02,0x01,0x02
};
-#endif
+# endif
-#ifndef OPENSSL_NO_DSA
+# ifndef OPENSSL_NO_DSA
static const unsigned char dsaparam_bin[] = {
0x30,0x82,0x02,0x28,0x02,0x82,0x01,0x01,0x00,0xf2,0x85,0x01,0xa5,0xb9,0x56,0x65,
0x19,0xff,0x9a,0x7d,0xf9,0x90,0xd6,0xaa,0x73,0xac,0xf7,0x94,0xfa,0x8a,0x64,0x6d,
@@ -81,29 +86,28 @@ static const unsigned char dsaparam_bin[] = {
0x22,0x15,0xc1,0x8b,0x04,0xb9,0x8a,0xa8,0xb7,0x1b,0x62,0x44,0xc6,0xef,0x4b,0x74,
0xd0,0xfd,0xa9,0xb4,0x4e,0xdd,0x7d,0x38,0x60,0xd1,0x40,0xcd
};
-#endif
+# endif
-#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_EC
static const unsigned char ecparam_bin[] = {
0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07
};
-#endif
+# endif
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) ||
!defined(OPENSSL_NO_EC)
static const struct {
int type;
const unsigned char *param_bin;
size_t param_bin_len;
} pkey_params [] = {
-#ifndef OPENSSL_NO_DH
+# ifndef OPENSSL_NO_DH
{ EVP_PKEY_DH, dhparam_bin, sizeof(dhparam_bin) },
-#endif
-#ifndef OPENSSL_NO_DSA
+# endif
+# ifndef OPENSSL_NO_DSA
{ EVP_PKEY_DSA, dsaparam_bin, sizeof(dsaparam_bin) },
-#endif
-#ifndef OPENSSL_NO_EC
+# endif
+# ifndef OPENSSL_NO_EC
{ EVP_PKEY_EC, ecparam_bin, sizeof(ecparam_bin) }
-#endif
+# endif
};
static int params_bio_test(int id)
@@ -140,7 +144,7 @@ static int params_bio_test(int id)
int setup_tests(void)
{
-#if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
+#ifdef OPENSSL_NO_KEYPARAMS
TEST_note("No DH/DSA/EC support");
#else
ADD_ALL_TESTS(params_bio_test, OSSL_NELEM(pkey_params));
