Make EVP_PKEY_CTX_[get|set]_group_name work for DH too
authorMatt Caswell <matt@openssl.org>
Wed, 20 May 2020 13:46:22 +0000 (14:46 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 19 Jun 2020 09:19:31 +0000 (10:19 +0100)
The previous commit added the EVP_PKEY_CTX_[get|set]_group_name
functions to work with EC groups. We now extend that to also work for
DH.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)

crypto/dh/dh_lib.c
crypto/evp/evp_lib.c
crypto/evp/pmeth_lib.c
crypto/ffc/ffc_backend.c
crypto/ffc/ffc_params.c
doc/man7/EVP_PKEY-DH.pod
include/openssl/core_names.h
providers/implementations/keymgmt/dh_kmgmt.c
test/acvp_test.c
test/dsatest.c
test/evp_pkey_provided_test.c

index 3a523c3..2a3921a 100644 (file)
@@ -500,7 +500,7 @@ int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen)
     if (name == NULL)
         return 0;
 
-    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_DH_GROUP,
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
                                             (void *)name, 0);
     *p++ = OSSL_PARAM_construct_end();
     return EVP_PKEY_CTX_set_params(ctx, params);
@@ -531,7 +531,7 @@ int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid)
     if (name == NULL)
         return 0;
 
-    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_DH_GROUP,
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
                                             (void *)name, 0);
     *p++ = OSSL_PARAM_construct_end();
     return EVP_PKEY_CTX_set_params(ctx, params);
index 00d6b27..ef978ec 100644 (file)
@@ -14,6 +14,7 @@
 #include <openssl/params.h>
 #include <openssl/core_names.h>
 #include <openssl/dh.h>
+#include <openssl/ec.h>
 #include "crypto/evp.h"
 #include "internal/provider.h"
 #include "evp_local.h"
@@ -946,7 +947,34 @@ int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name)
     OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
     OSSL_PARAM *p = params;
 
-    if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
+    if (ctx == NULL) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+        /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+        return -2;
+    }
+
+    if (!EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
+#ifndef FIPS_MODULE
+        int nid;
+
+        /* Could be a legacy key, try and convert to a ctrl */
+        if (ctx->pmeth != NULL && (nid = OBJ_txt2nid(name)) != NID_undef) {
+# ifndef OPENSSL_NO_DH
+            if (ctx->pmeth->pkey_id == EVP_PKEY_DH)
+                return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH,
+                                         EVP_PKEY_OP_PARAMGEN
+                                         | EVP_PKEY_OP_KEYGEN,
+                                         EVP_PKEY_CTRL_DH_NID, nid, NULL);
+# endif
+# ifndef OPENSSL_NO_EC
+            if (ctx->pmeth->pkey_id == EVP_PKEY_EC)
+                return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+                                         EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN,
+                                         EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID,
+                                         nid, NULL);
+# endif
+        }
+#endif
         ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
         /* Uses the same return values as EVP_PKEY_CTX_ctrl */
         return -2;
@@ -966,6 +994,7 @@ int EVP_PKEY_CTX_get_group_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen)
     OSSL_PARAM *p = params;
 
     if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
+        /* There is no legacy support for this */
         ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
         /* Uses the same return values as EVP_PKEY_CTX_ctrl */
         return -2;
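Review bot: The new legacy branch at `(nid = OBJ_txt2nid(name)) != NID_undef` passes `name` straight into the OBJ lookup without a NULL check, and nothing earlier in this hunk rejects a NULL `name`; if a caller can reach this function with NULL, the string comparison inside the lookup dereferences it, so the guard should read `if (ctx->pmeth != NULL && name != NULL && (nid = OBJ_txt2nid(name)) != NID_undef) {`. A legacy context whose name is not a known NID falls through to `EVP_R_COMMAND_NOT_SUPPORTED` with -2, which reports bad input as an unsupported operation; a distinct error for the unrecognised-name case would make the failure diagnosable. The `pkey_id == EVP_PKEY_DH` test also leaves out EVP_PKEY_DHX, which may be intended, but if the DHX legacy method accepts EVP_PKEY_CTRL_DH_NID as well it would be worth covering or noting. EVP_PKEY_CTX_set_group_name begins before this hunk and its body continues past it.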
index 4c1c01c..52c3042 100644 (file)
@@ -1055,9 +1055,9 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name,
         name = OSSL_PKEY_PARAM_FFC_TYPE;
         value = dh_gen_type_id2name(atoi(value));
     } else if (strcmp(name, "dh_param") == 0)
-        name = OSSL_PKEY_PARAM_DH_GROUP;
+        name = OSSL_PKEY_PARAM_GROUP_NAME;
     else if (strcmp(name, "dh_rfc5114") == 0) {
-        name = OSSL_PKEY_PARAM_DH_GROUP;
+        name = OSSL_PKEY_PARAM_GROUP_NAME;
         value = ffc_named_group_from_uid(atoi(value));
     } else if (strcmp(name, "dh_pad") == 0)
         name = OSSL_EXCHANGE_PARAM_PAD;
index 49f42d7..6e269eb 100644 (file)
@@ -27,7 +27,7 @@ int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[])
     if (ffc == NULL)
         return 0;
 
-    prm  = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_GROUP);
+    prm  = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
     if (prm != NULL) {
         if (prm->data_type != OSSL_PARAM_UTF8_STRING)
             goto err;
index 0796d34..d70aeea 100644 (file)
@@ -265,7 +265,7 @@ int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld,
 
         if (name == NULL
             || !ossl_param_build_set_utf8_string(bld, params,
-                                                 OSSL_PKEY_PARAM_DH_GROUP,
+                                                 OSSL_PKEY_PARAM_GROUP_NAME,
                                                  name))
             return 0;
 #else
index 6720417..f640753 100644 (file)
@@ -29,7 +29,7 @@ implementation supports the following:
 
 =over 4
 
-=item "group" (B<OSSL_PKEY_PARAM_DH_GROUP>) <UTF8 string>
+=item "group" (B<OSSL_PKEY_PARAM_GROUP_NAME>) <UTF8 string>
 
 Set or gets a string that associates a B<DH> named safe prime group with known
 values for I<p>, I<q> and I<g>.
index 9d99bc4..7da0186 100644 (file)
@@ -195,7 +195,7 @@ extern "C" {
 #define OSSL_PKEY_PARAM_MGF1_DIGEST         "mgf1-digest"
 #define OSSL_PKEY_PARAM_MGF1_PROPERTIES     "mgf1-properties"
 #define OSSL_PKEY_PARAM_TLS_ENCODED_PT      "tls-encoded-pt"
-#define OSSL_PKEY_PARAM_GROUP_NAME          "group-name"
+#define OSSL_PKEY_PARAM_GROUP_NAME          "group"
 
 /* Diffie-Hellman/DSA public/private key */
 #define OSSL_PKEY_PARAM_PUB_KEY             "pub"
@@ -218,7 +218,6 @@ extern "C" {
 #define OSSL_FFC_PARAM_VALIDATE_PQG         "validate-pqg"
 
 /* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GROUP            "group"
 #define OSSL_PKEY_PARAM_DH_GENERATOR        "safeprime-generator"
 #define OSSL_PKEY_PARAM_DH_PRIV_LEN         "priv_len"
 
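Review bot: `OSSL_PKEY_PARAM_GROUP_NAME` now carries the string "group" and is shared by the EC and DH key types, but the header gives no hint that the macro is deliberately cross-algorithm, so a reader may reintroduce a DH-specific name later; a comment such as `/* Named group or curve; shared by EC and DH (FFC) key types */` above the define would record that. Changing the macro's value also means anything that matched the previous literal "group-name" rather than the macro would stop matching silently, which is worth a grep before merging.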
index c81d437..82fbdc8 100644 (file)
@@ -239,7 +239,7 @@ err:
     OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL),                        \
     OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL),                               \
     OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0),                \
-    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DH_GROUP, NULL, 0)
+    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0)
 # define DH_IMEXPORTABLE_PUBLIC_KEY                                            \
     OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
 # define DH_IMEXPORTABLE_PRIVATE_KEY                                           \
@@ -464,7 +464,7 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[])
             return 0;
         }
     }
-    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_GROUP);
+    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
     if (p != NULL) {
         if (p->data_type != OSSL_PARAM_UTF8_STRING
            || ((gctx->group_nid = ffc_named_group_to_uid(p->data)) == NID_undef)) {
@@ -518,7 +518,7 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[])
 static const OSSL_PARAM *dh_gen_settable_params(void *provctx)
 {
     static OSSL_PARAM settable[] = {
-        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DH_GROUP, NULL, 0),
+        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
         OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL),
         OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_GENERATOR, NULL),
         OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0),
index b7db040..737d2c6 100644 (file)
@@ -901,7 +901,7 @@ static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name,
     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
         || (group_name != NULL
             && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string(
-                              bld, OSSL_PKEY_PARAM_DH_GROUP,
+                              bld, OSSL_PKEY_PARAM_GROUP_NAME,
                               group_name, 0), 0)))
         goto err;
 
@@ -945,7 +945,7 @@ static int dh_safe_prime_keygen_test(int id)
     OSSL_PARAM params[2];
     const struct dh_safe_prime_keygen_st *tst = &dh_safe_prime_keygen_data[id];
 
-    params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_DH_GROUP,
+    params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
                                                  (char *)tst->group_name, 0);
     params[1] = OSSL_PARAM_construct_end();
 
index 8444ea1..614a8ea 100644 (file)
@@ -282,7 +282,7 @@ static int dsa_keygen_test(void)
                                              &pcount_out))
         || !TEST_int_eq(pcount_out, expected_c)
         || !TEST_false(EVP_PKEY_get_utf8_string_param(key,
-                                                      OSSL_PKEY_PARAM_DH_GROUP,
+                                                      OSSL_PKEY_PARAM_GROUP_NAME,
                                                       group_out,
                                                       sizeof(group_out), &len)))
         goto end;
index f842999..fd3e580 100644 (file)
@@ -447,7 +447,7 @@ static int test_fromdata_dh_named_group(void)
         || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
         || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
         || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
-                                                      OSSL_PKEY_PARAM_DH_GROUP,
+                                                      OSSL_PKEY_PARAM_GROUP_NAME,
                                                       group_name, 0))
         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
@@ -464,7 +464,7 @@ static int test_fromdata_dh_named_group(void)
         || !TEST_int_eq(EVP_PKEY_size(pk), 256))
         goto err;
 
-    if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_DH_GROUP,
+    if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_GROUP_NAME,
                                                   name_out, sizeof(name_out),
                                                   &len))
         || !TEST_str_eq(name_out, group_name)
@@ -588,7 +588,7 @@ static int test_fromdata_dh_fips186_4(void)
         || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
         || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
         || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
-                                                      OSSL_PKEY_PARAM_DH_GROUP,
+                                                      OSSL_PKEY_PARAM_GROUP_NAME,
                                                       group_name, 0))
         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
@@ -605,7 +605,7 @@ static int test_fromdata_dh_fips186_4(void)
         || !TEST_int_eq(EVP_PKEY_size(pk), 256))
         goto err;
 
-    if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_DH_GROUP,
+    if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_GROUP_NAME,
                                                   name_out, sizeof(name_out),
                                                   &len))
         || !TEST_str_eq(name_out, group_name)
@@ -1144,7 +1144,7 @@ static int test_fromdata_dsa_fips186_4(void)
         || !TEST_int_eq(EVP_PKEY_size(pk), 2 + 2 * (3 + sizeof(q_data))))
         goto err;
 
-    if (!TEST_false(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_DH_GROUP,
+    if (!TEST_false(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_GROUP_NAME,
                                                    name_out, sizeof(name_out),
                                                    &len))
         || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,