pkpeer = EVP_PKEY_new();
if (pkpeer == NULL
|| !EVP_PKEY_copy_parameters(pkpeer, pk)
- /*
- * TODO(3.0): This is badly named!! Can we make this more
- * generic and not TLS specific?
- */
- || !EVP_PKEY_set1_tls_encodedpoint(pkpeer, p, plen))
+ || !EVP_PKEY_set1_encoded_public_key(pkpeer, p, plen))
goto err;
if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
if (p == NULL || plen == 0)
goto err;
- /* TODO(3.0): Terrible name. We need a non-tls specific name */
- if (!EVP_PKEY_set1_tls_encodedpoint(pkpeer, p, plen))
+ if (!EVP_PKEY_set1_encoded_public_key(pkpeer, p, plen))
goto err;
if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
if (aoid == OBJ_nid2obj(NID_undef)) {
/* Set the key */
- /* TODO(3.0): Terrible name. Needs a non TLS specific name */
- penclen = EVP_PKEY_get1_tls_encodedpoint(pkey, &penc);
+ penclen = EVP_PKEY_get1_encoded_public_key(pkey, &penc);
ASN1_STRING_set0(pubkey, penc, penclen);
pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
return rv;
}
-int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
- const unsigned char *pt, size_t ptlen)
+int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey, const unsigned char *pub,
+ size_t publen)
{
if (pkey->ameth == NULL) {
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
return 0;
params[0] =
- OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT,
- (unsigned char *)pt, ptlen);
+ OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
+ (unsigned char *)pub, publen);
return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
}
- if (ptlen > INT_MAX)
+ if (publen > INT_MAX)
return 0;
- if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, ptlen,
- (void *)pt) <= 0)
+ /* Historically this function was EVP_PKEY_set1_tls_encodedpoint */
+ if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, publen,
+ (void *)pub) <= 0)
return 0;
return 1;
}
-size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt)
+size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub)
{
int rv;
return 0;
params[0] =
- OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT,
+ OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
NULL, 0);
if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params))
return 0;
- *ppt = OPENSSL_malloc(params[0].return_size);
- if (*ppt == NULL)
+ *ppub = OPENSSL_malloc(params[0].return_size);
+ if (*ppub == NULL)
return 0;
params[0] =
- OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT,
- *ppt, params[0].return_size);
+ OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
+ *ppub, params[0].return_size);
if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params))
return 0;
}
- rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_GET1_TLS_ENCPT, 0, ppt);
+ rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_GET1_TLS_ENCPT, 0, ppub);
if (rv <= 0)
return 0;
return rv;
The pkey_ctrl() method adds extra algorithm specific control.
It's called by L<EVP_PKEY_get_default_digest_nid(3)>,
L<EVP_PKEY_supports_digest_nid(3)>,
-L<EVP_PKEY_set1_tls_encodedpoint(3)>,
-L<EVP_PKEY_get1_tls_encodedpoint(3)>, L<PKCS7_SIGNER_INFO_set(3)>,
+L<EVP_PKEY_set1_encoded_public_key(3)>,
+L<EVP_PKEY_get1_encoded_public_key(3)>, L<PKCS7_SIGNER_INFO_set(3)>,
L<PKCS7_RECIP_INFO_set(3)>, ...
int (*old_priv_decode) (EVP_PKEY *pkey,
These are not named safe prime groups so setting this value for the OpenSSL FIPS
provider will instead choose a named safe prime group based on the size of I<p>.
-=item "tls-encoded-pt" (B<OSSL_PKEY_PARAM_TLS_ENCODED_PT>) <octet string>
+=item "encoded-pub-key" (B<OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY>) <octet string>
Used for getting and setting the encoding of the DH public key used in a key
exchange message for the TLS protocol.
The private key value.
-=item "tls-encoded-pt" (B<OSSL_PKEY_PARAM_TLS_ENCODED_PT>) <octet string>
+=item "encoded-pub-key" (B<OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY>) <octet string>
-Used for getting and setting the encoding of the EC public key used in key
-exchange message for the TLS protocol.
+Used for getting and setting the encoding of an EC public key. The public key
+is expected to be a point conforming to Sec. 2.3.4 of the SECG SEC 1 ("Elliptic
+Curve Cryptography") standard.
=back
The private key value.
-=item "tls-encoded-pt" (B<OSSL_PKEY_PARAM_TLS_ENCODED_PT>) <octet string>
+=item "encoded-pub-key" (B<OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY>) <octet string>
-Used for getting and setting the encoding of the public key used in a key exchange
-message for the TLS protocol.
+Used for getting and setting the encoding of a public key for the B<X25519> and
+B<X448> key types. Public keys are expected be encoded in a format as defined by
+RFC7748.
=back
#define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
#define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
#define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
-#define OSSL_PKEY_PARAM_TLS_ENCODED_PT "tls-encoded-pt"
+#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
#define OSSL_PKEY_PARAM_GROUP_NAME "group"
#define OSSL_PKEY_PARAM_DIST_ID "distid"
#define OSSL_PKEY_PARAM_PUB_KEY "pub"
char *mdname, size_t mdname_sz);
int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid);
-int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
- const unsigned char *pt, size_t ptlen);
-size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt);
+/*
+ * For backwards compatibility. Use EVP_PKEY_set1_encoded_public_key in
+ * preference
+ */
+#define EVP_PKEY_set1_tls_encodedpoint(pkey, pt, ptlen) \
+ EVP_PKEY_set1_encoded_public_key((pkey), (pt), (ptlen))
+
+int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey,
+ const unsigned char *pub, size_t publen);
+
+/*
+ * For backwards compatibility. Use EVP_PKEY_get1_encoded_public_key in
+ * preference
+ */
+#define EVP_PKEY_get1_tls_encodedpoint(pkey, ppt) \
+ EVP_PKEY_get1_encoded_public_key((pkey), (ppt))
+
+size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub);
int EVP_CIPHER_type(const EVP_CIPHER *ctx);
if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
&& !OSSL_PARAM_set_int(p, DH_size(dh)))
return 0;
- if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT)) != NULL) {
+ if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) {
if (p->data_type != OSSL_PARAM_OCTET_STRING)
return 0;
p->return_size = dh_key2buf(dh, (unsigned char **)&p->data,
OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
DH_IMEXPORTABLE_PARAMETERS,
DH_IMEXPORTABLE_PUBLIC_KEY,
DH_IMEXPORTABLE_PRIVATE_KEY,
}
static const OSSL_PARAM dh_known_settable_params[] = {
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
OSSL_PARAM_END
};
DH *dh = key;
const OSSL_PARAM *p;
- p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT);
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
if (p != NULL
&& (p->data_type != OSSL_PARAM_OCTET_STRING
|| !dh_buf2key(dh, p->data, p->data_size)))
goto err;
}
}
- if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT)) != NULL) {
+ if ((p = OSSL_PARAM_locate(params,
+ OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) {
p->return_size = EC_POINT_point2oct(EC_KEY_get0_group(key),
EC_KEY_get0_public_key(key),
POINT_CONVERSION_UNCOMPRESSED,
OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
EC_IMEXPORTABLE_DOM_PARAMETERS,
EC2M_GETTABLE_DOM_PARAMS
EC_IMEXPORTABLE_PUBLIC_KEY,
static const OSSL_PARAM ec_known_settable_params[] = {
OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
OSSL_PARAM_END
};
EC_KEY *eck = key;
const OSSL_PARAM *p;
- p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT);
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
if (p != NULL) {
BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(key));
int ret = 1;
OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
EC_IMEXPORTABLE_DOM_PARAMETERS,
EC_IMEXPORTABLE_PUBLIC_KEY,
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_PUB_X, NULL, 0),
}
static const OSSL_PARAM sm2_known_settable_params[] = {
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
OSSL_PARAM_END
};
if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
&& !OSSL_PARAM_set_int(p, size))
return 0;
- if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT)) != NULL
+ if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL
&& (ecx->type == ECX_KEY_TYPE_X25519
|| ecx->type == ECX_KEY_TYPE_X448)) {
if (!OSSL_PARAM_set_octet_string(p, ecx->pubkey, ecx->keylen))
OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0),
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
ECX_KEY_TYPES(),
OSSL_PARAM_END
};
ECX_KEY *ecxkey = key;
const OSSL_PARAM *p;
- p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT);
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
if (p != NULL) {
void *buf = ecxkey->pubkey;
}
static const OSSL_PARAM ecx_settable_params[] = {
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_PROPERTIES, NULL, 0),
OSSL_PARAM_END
};
}
/* Encode the public key. */
- encodedlen = EVP_PKEY_get1_tls_encodedpoint(key_share_key,
- &encoded_point);
+ encodedlen = EVP_PKEY_get1_encoded_public_key(key_share_key,
+ &encoded_point);
if (encodedlen == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE, ERR_R_EC_LIB);
goto err;
return 0;
}
- if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(&encoded_pt),
- PACKET_remaining(&encoded_pt))) {
+ if (EVP_PKEY_set1_encoded_public_key(skey, PACKET_data(&encoded_pt),
+ PACKET_remaining(&encoded_pt)) <= 0) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
SSL_R_BAD_ECPOINT);
EVP_PKEY_free(skey);
s->s3.group_id = group_id;
- if (!EVP_PKEY_set1_tls_encodedpoint(s->s3.peer_tmp,
+ if (EVP_PKEY_set1_encoded_public_key(s->s3.peer_tmp,
PACKET_data(&encoded_pt),
- PACKET_remaining(&encoded_pt))) {
+ PACKET_remaining(&encoded_pt)) <= 0) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_ECPOINT);
return 0;
}
/* Generate encoding of server key */
- encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(skey, &encodedPoint);
+ encoded_pt_len = EVP_PKEY_get1_encoded_public_key(skey, &encodedPoint);
if (encoded_pt_len == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE,
return 0;
}
- if (!EVP_PKEY_set1_tls_encodedpoint(s->s3.peer_tmp,
- PACKET_data(&encoded_pt),
- PACKET_remaining(&encoded_pt))) {
+ if (EVP_PKEY_set1_encoded_public_key(s->s3.peer_tmp,
+ PACKET_data(&encoded_pt),
+ PACKET_remaining(&encoded_pt)) <= 0) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_ECDHE,
SSL_R_BAD_ECPOINT);
return 0;
}
/* Generate encoding of client key */
- encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(ckey, &encodedPoint);
+ encoded_pt_len = EVP_PKEY_get1_encoded_public_key(ckey, &encodedPoint);
if (encoded_pt_len == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,
}
/* Encode the public key. */
- encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3.tmp.pkey,
- &encodedPoint);
+ encodedlen = EVP_PKEY_get1_encoded_public_key(s->s3.tmp.pkey,
+ &encodedPoint);
if (encodedlen == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EC_LIB);
goto err;
}
- if (EVP_PKEY_set1_tls_encodedpoint(ckey, data, i) == 0) {
+ if (EVP_PKEY_set1_encoded_public_key(ckey, data, i) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
ERR_R_EC_LIB);
goto err;
&& !OSSL_PARAM_set_int(p, xor_group.secbits))
return 0;
- if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT)) != NULL) {
+ if ((p = OSSL_PARAM_locate(params,
+ OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) {
if (p->data_type != OSSL_PARAM_OCTET_STRING)
return 0;
p->return_size = XOR_KEY_SIZE;
static const OSSL_PARAM xor_params[] = {
OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
OSSL_PARAM_END
};
XORKEY *key = vkey;
const OSSL_PARAM *p;
- p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT);
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
if (p != NULL) {
if (p->data_type != OSSL_PARAM_OCTET_STRING
|| p->data_size != XOR_KEY_SIZE)
}
static const OSSL_PARAM xor_known_settable_params[] = {
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
OSSL_PARAM_END
};
X509_set_proxy_pathlen 4135 3_0_0 EXIST::FUNCTION:
X509_get_proxy_pathlen 4136 3_0_0 EXIST::FUNCTION:
DSA_bits 4137 3_0_0 EXIST::FUNCTION:DSA
-EVP_PKEY_set1_tls_encodedpoint 4138 3_0_0 EXIST::FUNCTION:
-EVP_PKEY_get1_tls_encodedpoint 4139 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_set1_tls_encodedpoint 4138 3_0_0 NOEXIST::FUNCTION:
+EVP_PKEY_get1_tls_encodedpoint 4139 3_0_0 NOEXIST::FUNCTION:
ASN1_STRING_get0_data 4140 3_0_0 EXIST::FUNCTION:
X509_SIG_getm 4141 3_0_0 EXIST::FUNCTION:
X509_get0_serialNumber 4142 3_0_0 EXIST::FUNCTION:
OSSL_ENCODER_to_data ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get0_libctx ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get0_propq ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_set1_encoded_public_key ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_get1_encoded_public_key ? 3_0_0 EXIST::FUNCTION: