Fix external symbols related to dh keys

Partial fix for #12964

This adds ossl_ names for the following symbols:

dh_new_by_nid_ex, dh_new_ex, dh_generate_ffc_parameters, dh_generate_public_key,
dh_get_named_group_uid_from_size, dh_gen_type_id2name, dh_gen_type_name2id,
dh_cache_named_group, dh_get0_params, dh_get0_nid,
dh_params_fromdata, dh_key_fromdata, dh_params_todata, dh_key_todata,
dh_check_pub_key_partial, dh_check_priv_key, dh_check_pairwise,
dh_get_method, dh_buf2key, dh_key2buf, dh_KDF_X9_42_asn1,
dh_pkey_method, dhx_pkey_method

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14231)

diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 1cf692ee136dbeee146e5f1021e90e42e462fa29..338f3089340a7e17f659d457ca9bf5db08a10ee0 100644 (file)
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -433,9 +433,9 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 {
     switch (op) {
     case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
-        return dh_buf2key(EVP_PKEY_get0_DH(pkey), arg2, arg1);
+        return ossl_dh_buf2key(EVP_PKEY_get0_DH(pkey), arg2, arg1);
     case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
-        return dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2, 0, 1);
+        return ossl_dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2, 0, 1);
     default:
         return -2;
     }
@@ -492,7 +492,7 @@ static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
      * If the DH method is foreign, then we can't be sure of anything, and
      * can therefore not export or pretend to export.
      */
-    if (dh_get_method(dh) != DH_OpenSSL())
+    if (ossl_dh_get_method(dh) != DH_OpenSSL())
         return 0;
 
     if (p == NULL || g == NULL)
@@ -543,7 +543,7 @@ static int dh_pkey_import_from_type(const OSSL_PARAM params[], void *vpctx,
 {
     EVP_PKEY_CTX *pctx = vpctx;
     EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
-    DH *dh = dh_new_ex(pctx->libctx);
+    DH *dh = ossl_dh_new_ex(pctx->libctx);
 
     if (dh == NULL) {
         ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
@@ -552,8 +552,8 @@ static int dh_pkey_import_from_type(const OSSL_PARAM params[], void *vpctx,
     DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
     DH_set_flags(dh, type == EVP_PKEY_DH ? DH_FLAG_TYPE_DH : DH_FLAG_TYPE_DHX);
 
-    if (!dh_params_fromdata(dh, params)
-        || !dh_key_fromdata(dh, params)
+    if (!ossl_dh_params_fromdata(dh, params)
+        || !ossl_dh_key_fromdata(dh, params)
         || !EVP_PKEY_assign(pkey, type, dh)) {
         DH_free(dh);
         return 0;

diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c
index 68013219e7b20300eedd6e96305798f74530af28..5c8af108f5c0fd5b338d469cd036a3cda0500134 100644 (file)
--- a/crypto/dh/dh_asn1.c
+++ b/crypto/dh/dh_asn1.c
@@ -39,7 +39,7 @@ static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 
         DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
         DH_set_flags(dh, DH_FLAG_TYPE_DH);
-        dh_cache_named_group(dh);
+        ossl_dh_cache_named_group(dh);
         dh->dirty_cnt++;
     }
     return 1;

diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c
index 41de7b9006d8ec309e3566a937e328a097e71566..c848cb4870185fdf2f4dd40e8a6faa0a9106587f 100644 (file)
--- a/crypto/dh/dh_backend.c
+++ b/crypto/dh/dh_backend.c
@@ -30,17 +30,17 @@ static int dh_ffc_params_fromdata(DH *dh, const OSSL_PARAM params[])
 
     if (dh == NULL)
         return 0;
-    ffc = dh_get0_params(dh);
+    ffc = ossl_dh_get0_params(dh);
     if (ffc == NULL)
         return 0;
 
     ret = ossl_ffc_params_fromdata(ffc, params);
     if (ret)
-        dh_cache_named_group(dh); /* This increments dh->dirty_cnt */
+        ossl_dh_cache_named_group(dh); /* This increments dh->dirty_cnt */
     return ret;
 }
 
-int dh_params_fromdata(DH *dh, const OSSL_PARAM params[])
+int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[])
 {
     const OSSL_PARAM *param_priv_len;
     long priv_len;
@@ -58,7 +58,7 @@ int dh_params_fromdata(DH *dh, const OSSL_PARAM params[])
     return 1;
 }
 
-int dh_key_fromdata(DH *dh, const OSSL_PARAM params[])
+int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[])
 {
     const OSSL_PARAM *param_priv_key, *param_pub_key;
     BIGNUM *priv_key = NULL, *pub_key = NULL;
@@ -86,11 +86,11 @@ int dh_key_fromdata(DH *dh, const OSSL_PARAM params[])
     return 0;
 }
 
-int dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
+int ossl_dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
 {
     long l = DH_get_length(dh);
 
-    if (!ossl_ffc_params_todata(dh_get0_params(dh), bld, params))
+    if (!ossl_ffc_params_todata(ossl_dh_get0_params(dh), bld, params))
         return 0;
     if (l > 0
         && !ossl_param_build_set_long(bld, params, OSSL_PKEY_PARAM_DH_PRIV_LEN, l))
@@ -98,7 +98,7 @@ int dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
     return 1;
 }
 
-int dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
+int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
 {
     const BIGNUM *priv = NULL, *pub = NULL;
 

diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 5cbbdbf8c5a82bdeecac4f9f2dfb986a6d06b64a..90697340f7c2df7b29925e8455773bd411635500 100644 (file)
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -243,12 +243,12 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
  * To only be used with ephemeral FFC public keys generated using the approved
  * safe-prime groups.
  */
-int dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret)
+int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret)
 {
     return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret);
 }
 
-int dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret)
+int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret)
 {
     int ok = 0;
     BIGNUM *two_powN = NULL, *upper;
@@ -281,7 +281,7 @@ err:
  * FFC pairwise check from SP800-56A R3.
  *    Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency
  */
-int dh_check_pairwise(const DH *dh)
+int ossl_dh_check_pairwise(const DH *dh)
 {
     int ret = 0;
     BN_CTX *ctx = NULL;
@@ -301,7 +301,7 @@ int dh_check_pairwise(const DH *dh)
         goto err;
 
     /* recalculate the public key = (g ^ priv) mod p */
-    if (!dh_generate_public_key(ctx, dh, dh->priv_key, pub_key))
+    if (!ossl_dh_generate_public_key(ctx, dh, dh->priv_key, pub_key))
         goto err;
     /* check it matches the existing pubic_key */
     ret = BN_cmp(pub_key, dh->pub_key) == 0;

diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index bdc0dc79b819d5cc28b52f866f923251b3d72f70..aecf7195d83612091228a03534371e88181cf8a8 100644 (file)
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -35,8 +35,8 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
                                 BN_GENCB *cb);
 #endif /* FIPS_MODULE */
 
-int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
-                               BN_GENCB *cb)
+int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
+                                    BN_GENCB *cb)
 {
     int ret, res;
 
@@ -55,7 +55,7 @@ int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
     return ret;
 }
 
-int dh_get_named_group_uid_from_size(int pbits)
+int ossl_dh_get_named_group_uid_from_size(int pbits)
 {
     /*
      * Just choose an approved safe prime group.
@@ -95,12 +95,12 @@ static int dh_gen_named_group(OSSL_LIB_CTX *libctx, DH *ret, int prime_len)
 {
     DH *dh;
     int ok = 0;
-    int nid = dh_get_named_group_uid_from_size(prime_len);
+    int nid = ossl_dh_get_named_group_uid_from_size(prime_len);
 
     if (nid == NID_undef)
         return 0;
 
-    dh = dh_new_by_nid_ex(libctx, nid);
+    dh = ossl_dh_new_by_nid_ex(libctx, nid);
     if (dh != NULL
         && ossl_ffc_params_copy(&ret->params, &dh->params)) {
         ok = 1;

diff --git a/crypto/dh/dh_group_params.c b/crypto/dh/dh_group_params.c
index 0f66d8969df2ff824ac4f8a08daa3cdd08fa94ac..72082d6f50d30880ad5417fd6b39eb5fc627d863 100644 (file)
--- a/crypto/dh/dh_group_params.c
+++ b/crypto/dh/dh_group_params.c
@@ -27,7 +27,7 @@
 
 static DH *dh_param_init(OSSL_LIB_CTX *libctx, const DH_NAMED_GROUP *group)
 {
-    DH *dh = dh_new_ex(libctx);
+    DH *dh = ossl_dh_new_ex(libctx);
 
     if (dh == NULL)
         return NULL;
@@ -39,7 +39,7 @@ static DH *dh_param_init(OSSL_LIB_CTX *libctx, const DH_NAMED_GROUP *group)
     return dh;
 }
 
-DH *dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid)
+DH *ossl_dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid)
 {
     const DH_NAMED_GROUP *group;
 
@@ -52,10 +52,10 @@ DH *dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid)
 
 DH *DH_new_by_nid(int nid)
 {
-    return dh_new_by_nid_ex(NULL, nid);
+    return ossl_dh_new_by_nid_ex(NULL, nid);
 }
 
-void dh_cache_named_group(DH *dh)
+void ossl_dh_cache_named_group(DH *dh)
 {
     const DH_NAMED_GROUP *group;
 

diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
index ea2cd6386cecd297f1077ae173b361982425f4d9..e1753b0b69c3dcf62a129bf7e135b4fcb2cfac11 100644 (file)
--- a/crypto/dh/dh_kdf.c
+++ b/crypto/dh/dh_kdf.c
@@ -25,11 +25,12 @@
 #include <crypto/dh.h>
 
 /* Key derivation function from X9.63/SECG */
-int dh_KDF_X9_42_asn1(unsigned char *out, size_t outlen,
-                      const unsigned char *Z, size_t Zlen,
-                      const char *cek_alg,
-                      const unsigned char *ukm, size_t ukmlen, const EVP_MD *md,
-                      OSSL_LIB_CTX *libctx, const char *propq)
+int ossl_dh_kdf_X9_42_asn1(unsigned char *out, size_t outlen,
+                           const unsigned char *Z, size_t Zlen,
+                           const char *cek_alg,
+                           const unsigned char *ukm, size_t ukmlen,
+                           const EVP_MD *md,
+                           OSSL_LIB_CTX *libctx, const char *propq)
 {
     int ret = 0;
     EVP_KDF_CTX *kctx = NULL;
@@ -78,7 +79,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
     if (key_alg == NULL)
         return 0;
 
-    return dh_KDF_X9_42_asn1(out, outlen, Z, Zlen, key_alg,
-                             ukm, ukmlen, md, libctx, NULL);
+    return ossl_dh_kdf_X9_42_asn1(out, outlen, Z, Zlen, key_alg,
+                                  ukm, ukmlen, md, libctx, NULL);
 }
 #endif /* !defined(FIPS_MODULE) */

diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index f8cbbd593b9b97762b34546c1883ac1217b76b95..f282a12b4c2751ed9d38ab4f1492c3868b67b3ee 100644 (file)
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -210,8 +210,8 @@ int DH_generate_key(DH *dh)
 #endif
 }
 
-int dh_generate_public_key(BN_CTX *ctx, const DH *dh, const BIGNUM *priv_key,
-                           BIGNUM *pub_key)
+int ossl_dh_generate_public_key(BN_CTX *ctx, const DH *dh,
+                                const BIGNUM *priv_key, BIGNUM *pub_key)
 {
     int ret = 0;
     BIGNUM *prk = BN_new();
@@ -344,7 +344,7 @@ static int generate_key(DH *dh)
         }
     }
 
-    if (!dh_generate_public_key(ctx, dh, priv_key, pub_key))
+    if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key))
         goto err;
 
     dh->pub_key = pub_key;
@@ -363,7 +363,7 @@ static int generate_key(DH *dh)
     return ok;
 }
 
-int dh_buf2key(DH *dh, const unsigned char *buf, size_t len)
+int ossl_dh_buf2key(DH *dh, const unsigned char *buf, size_t len)
 {
     int err_reason = DH_R_BN_ERROR;
     BIGNUM *pubkey = NULL;
@@ -394,7 +394,8 @@ err:
     return 0;
 }
 
-size_t dh_key2buf(const DH *dh, unsigned char **pbuf_out, size_t size, int alloc)
+size_t ossl_dh_key2buf(const DH *dh, unsigned char **pbuf_out, size_t size,
+                       int alloc)
 {
     const BIGNUM *pubkey;
     unsigned char *pbuf = NULL;

diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index e3db7a49292e3042485f345d3984f0ca136684d5..78b984157dfc12e2bc96ea5a9fe8135aa7540ace 100644 (file)
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -47,7 +47,7 @@ int DH_set_method(DH *dh, const DH_METHOD *meth)
     return 1;
 }
 
-const DH_METHOD *dh_get_method(const DH *dh)
+const DH_METHOD *ossl_dh_get_method(const DH *dh)
 {
     return dh->meth;
 }
@@ -64,7 +64,7 @@ DH *DH_new_method(ENGINE *engine)
 }
 #endif /* !FIPS_MODULE */
 
-DH *dh_new_ex(OSSL_LIB_CTX *libctx)
+DH *ossl_dh_new_ex(OSSL_LIB_CTX *libctx)
 {
     return dh_new_intern(NULL, libctx);
 }
@@ -230,7 +230,7 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
         return 0;
 
     ossl_ffc_params_set0_pqg(&dh->params, p, q, g);
-    dh_cache_named_group(dh);
+    ossl_dh_cache_named_group(dh);
     dh->dirty_cnt++;
     return 1;
 }
@@ -317,11 +317,11 @@ ENGINE *DH_get0_engine(DH *dh)
 }
 #endif /*FIPS_MODULE */
 
-FFC_PARAMS *dh_get0_params(DH *dh)
+FFC_PARAMS *ossl_dh_get0_params(DH *dh)
 {
     return &dh->params;
 }
-int dh_get0_nid(const DH *dh)
+int ossl_dh_get0_nid(const DH *dh)
 {
     return dh->params.nid;
 }

diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 11f30ce7022e3f6d2778999fde1fb0d0e50ead15..4a18205a7fed269ff60894971e97e170b5138bd3 100644 (file)
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -509,7 +509,7 @@ static const EVP_PKEY_METHOD dh_pkey_meth = {
     pkey_dh_ctrl_str
 };
 
-const EVP_PKEY_METHOD *dh_pkey_method(void)
+const EVP_PKEY_METHOD *ossl_dh_pkey_method(void)
 {
     return &dh_pkey_meth;
 }
@@ -548,7 +548,7 @@ static const EVP_PKEY_METHOD dhx_pkey_meth = {
     pkey_dh_ctrl_str
 };
 
-const EVP_PKEY_METHOD *dhx_pkey_method(void)
+const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void)
 {
     return &dhx_pkey_meth;
 }

diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 7e5be3208d72c11d8d1190035c3b99e075a17fac..0c84a6294fc8bb50dcb992637bf34dd74149ef38 100644 (file)
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -52,7 +52,7 @@ DH *DSA_dup_DH(const DSA *r)
     if (ret == NULL)
         goto err;
 
-    if (!ossl_ffc_params_copy(dh_get0_params(ret), &r->params))
+    if (!ossl_ffc_params_copy(ossl_dh_get0_params(ret), &r->params))
         goto err;
 
     if (r->pub_key != NULL) {

diff --git a/crypto/evp/dh_support.c b/crypto/evp/dh_support.c
index 212cf908eb76ab1beb85613cfa1e1837cb763476..0f33b28122a96b2149132348de097dd5cc65cef8 100644 (file)
--- a/crypto/evp/dh_support.c
+++ b/crypto/evp/dh_support.c
@@ -25,7 +25,7 @@ static const DH_GENTYPE_NAME2ID dhtype2id[]=
     { "generator", DH_PARAMGEN_TYPE_GENERATOR }
 };
 
-const char *dh_gen_type_id2name(int id)
+const char *ossl_dh_gen_type_id2name(int id)
 {
     size_t i;
 
@@ -36,7 +36,7 @@ const char *dh_gen_type_id2name(int id)
     return NULL;
 }
 
-int dh_gen_type_name2id(const char *name)
+int ossl_dh_gen_type_name2id(const char *name)
 {
     size_t i;
 

diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 500e0564792843ddfa65b2ad0916d12d8cc84dd8..9499d666bd7e624713acc2d819653833fea50a09 100644 (file)
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -51,7 +51,7 @@ static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
 static pmeth_fn standard_methods[] = {
     ossl_rsa_pkey_method,
 # ifndef OPENSSL_NO_DH
-    dh_pkey_method,
+    ossl_dh_pkey_method,
 # endif
 # ifndef OPENSSL_NO_DSA
     dsa_pkey_method,
@@ -61,7 +61,7 @@ static pmeth_fn standard_methods[] = {
 # endif
     ossl_rsa_pss_pkey_method,
 # ifndef OPENSSL_NO_DH
-    dhx_pkey_method,
+    ossl_dhx_pkey_method,
 # endif
 # ifndef OPENSSL_NO_EC
     ecx25519_pkey_method,
@@ -1326,6 +1326,99 @@ int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
     return EVP_PKEY_CTX_ctrl(ctx, keytype, optype, cmd, 0, &value);
 }
 
+<<<<<<< HEAD
+=======
+static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name,
+                                    const char *value)
+{
+    if (strcmp(name, "md") == 0)
+        name = OSSL_ALG_PARAM_DIGEST;
+    else if (strcmp(name, "rsa_padding_mode") == 0)
+        name = OSSL_ASYM_CIPHER_PARAM_PAD_MODE;
+    else if (strcmp(name, "rsa_mgf1_md") == 0)
+        name = OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST;
+    else if (strcmp(name, "rsa_oaep_md") == 0)
+        name = OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST;
+    else if (strcmp(name, "rsa_oaep_label") == 0)
+        name = OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL;
+    else if (strcmp(name, "rsa_pss_saltlen") == 0)
+        name = OSSL_SIGNATURE_PARAM_PSS_SALTLEN;
+    else if (strcmp(name, "rsa_keygen_bits") == 0)
+        name = OSSL_PKEY_PARAM_RSA_BITS;
+    else if (strcmp(name, "rsa_keygen_pubexp") == 0)
+        name = OSSL_PKEY_PARAM_RSA_E;
+    else if (strcmp(name, "rsa_keygen_primes") == 0)
+        name = OSSL_PKEY_PARAM_RSA_PRIMES;
+    else if (strcmp(name, "rsa_pss_keygen_md") == 0)
+        name = OSSL_PKEY_PARAM_RSA_DIGEST;
+    else if (strcmp(name, "rsa_pss_keygen_mgf1_md") == 0)
+        name = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST;
+    else if (strcmp(name, "rsa_pss_keygen_saltlen") == 0)
+        name = OSSL_PKEY_PARAM_RSA_PSS_SALTLEN;
+    else if (strcmp(name, "dsa_paramgen_bits") == 0)
+        name = OSSL_PKEY_PARAM_FFC_PBITS;
+    else if (strcmp(name, "dsa_paramgen_q_bits") == 0)
+        name = OSSL_PKEY_PARAM_FFC_QBITS;
+    else if (strcmp(name, "dsa_paramgen_md") == 0)
+        name = OSSL_PKEY_PARAM_FFC_DIGEST;
+    else if (strcmp(name, "dh_paramgen_generator") == 0)
+        name = OSSL_PKEY_PARAM_DH_GENERATOR;
+    else if (strcmp(name, "dh_paramgen_prime_len") == 0)
+        name = OSSL_PKEY_PARAM_FFC_PBITS;
+    else if (strcmp(name, "dh_paramgen_subprime_len") == 0)
+        name = OSSL_PKEY_PARAM_FFC_QBITS;
+    else if (strcmp(name, "dh_paramgen_type") == 0) {
+        name = OSSL_PKEY_PARAM_FFC_TYPE;
+        value = ossl_dh_gen_type_id2name(atoi(value));
+    } else if (strcmp(name, "dh_param") == 0)
+        name = OSSL_PKEY_PARAM_GROUP_NAME;
+    else if (strcmp(name, "dh_rfc5114") == 0) {
+        int num = atoi(value);
+
+        name = OSSL_PKEY_PARAM_GROUP_NAME;
+        value =
+            ossl_ffc_named_group_get_name(ossl_ffc_uid_to_dh_named_group(num));
+    } else if (strcmp(name, "dh_pad") == 0)
+        name = OSSL_EXCHANGE_PARAM_PAD;
+    else if (strcmp(name, "ec_paramgen_curve") == 0)
+        name = OSSL_PKEY_PARAM_GROUP_NAME;
+    else if (strcmp(name, "ecdh_cofactor_mode") == 0)
+        name = OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE;
+    else if (strcmp(name, "ecdh_kdf_md") == 0)
+        name = OSSL_EXCHANGE_PARAM_KDF_DIGEST;
+    else if (strcmp(name, "ec_param_enc") == 0)
+        name = OSSL_PKEY_PARAM_EC_ENCODING;
+    else if (strcmp(name, "N") == 0)
+        name = OSSL_KDF_PARAM_SCRYPT_N;
+
+    {
+        /*
+         * TODO(3.0) reduce the code above to only translate known legacy
+         * string to the corresponding core name (see core_names.h), but
+         * otherwise leave it to this code block to do the actual work.
+         */
+        const OSSL_PARAM *settable = EVP_PKEY_CTX_settable_params(ctx);
+        OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+        int rv = 0;
+        int exists = 0;
+
+        if (!OSSL_PARAM_allocate_from_text(&params[0], settable, name, value,
+                                           strlen(value), &exists)) {
+            if (!exists) {
+                ERR_raise_data(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED,
+                               "name=%s,value=%s", name, value);
+                return -2;
+            }
+            return 0;
+        }
+        if (EVP_PKEY_CTX_set_params(ctx, params))
+            rv = 1;
+        OPENSSL_free(params[0].data);
+        return rv;
+    }
+}
+
+>>>>>>> 4651c47010... Fix external symbols related to dh keys
 static int evp_pkey_ctx_ctrl_str_int(EVP_PKEY_CTX *ctx,
                                      const char *name, const char *value)
 {

diff --git a/include/crypto/dh.h b/include/crypto/dh.h
index eca2a0305684f9b91be3545cd13c60be91e9ad50..d8b597a0f126907b369314a3c35e31f084ae9ac0 100644 (file)
--- a/include/crypto/dh.h
+++ b/include/crypto/dh.h
@@ -16,40 +16,41 @@
 # include <openssl/dh.h>
 # include "internal/ffc.h"
 
-DH *dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid);
-DH *dh_new_ex(OSSL_LIB_CTX *libctx);
+DH *ossl_dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid);
+DH *ossl_dh_new_ex(OSSL_LIB_CTX *libctx);
 void ossl_dh_set0_libctx(DH *d, OSSL_LIB_CTX *libctx);
-
-int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
-                               BN_GENCB *cb);
-int dh_generate_public_key(BN_CTX *ctx, const DH *dh, const BIGNUM *priv_key,
-                           BIGNUM *pub_key);
-int dh_get_named_group_uid_from_size(int pbits);
-const char *dh_gen_type_id2name(int id);
-int dh_gen_type_name2id(const char *name);
-void dh_cache_named_group(DH *dh);
+int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
+                                    BN_GENCB *cb);
+int ossl_dh_generate_public_key(BN_CTX *ctx, const DH *dh,
+                                const BIGNUM *priv_key, BIGNUM *pub_key);
+int ossl_dh_get_named_group_uid_from_size(int pbits);
+const char *ossl_dh_gen_type_id2name(int id);
+int ossl_dh_gen_type_name2id(const char *name);
+void ossl_dh_cache_named_group(DH *dh);
 int ossl_dh_is_named_safe_prime_group(const DH *dh);
 
-FFC_PARAMS *dh_get0_params(DH *dh);
-int dh_get0_nid(const DH *dh);
-int dh_params_fromdata(DH *dh, const OSSL_PARAM params[]);
-int dh_key_fromdata(DH *dh, const OSSL_PARAM params[]);
-int dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
-int dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
-
-int dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret);
-int dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret);
-int dh_check_pairwise(const DH *dh);
-
-const DH_METHOD *dh_get_method(const DH *dh);
-
-int dh_buf2key(DH *key, const unsigned char *buf, size_t len);
-size_t dh_key2buf(const DH *dh, unsigned char **pbuf, size_t size, int alloc);
-
-int dh_KDF_X9_42_asn1(unsigned char *out, size_t outlen,
-                      const unsigned char *Z, size_t Zlen,
-                      const char *cek_alg,
-                      const unsigned char *ukm, size_t ukmlen, const EVP_MD *md,
-                      OSSL_LIB_CTX *libctx, const char *propq);
+FFC_PARAMS *ossl_dh_get0_params(DH *dh);
+int ossl_dh_get0_nid(const DH *dh);
+int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[]);
+int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[]);
+int ossl_dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
+int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
+
+int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret);
+int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret);
+int ossl_dh_check_pairwise(const DH *dh);
+
+const DH_METHOD *ossl_dh_get_method(const DH *dh);
+
+int ossl_dh_buf2key(DH *key, const unsigned char *buf, size_t len);
+size_t ossl_dh_key2buf(const DH *dh, unsigned char **pbuf, size_t size,
+                       int alloc);
+
+int ossl_dh_kdf_X9_42_asn1(unsigned char *out, size_t outlen,
+                           const unsigned char *Z, size_t Zlen,
+                           const char *cek_alg,
+                           const unsigned char *ukm, size_t ukmlen,
+                           const EVP_MD *md,
+                           OSSL_LIB_CTX *libctx, const char *propq);
 
 #endif  /* OSSL_CRYPTO_DH_H */

diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 0ed9a02396552129b14590a1e8a5b17d0a84e2c7..e48afbf203deebe7254f4525f6f38156b2a2b9ba 100644 (file)
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -179,8 +179,8 @@ DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD)
 
 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
 
-const EVP_PKEY_METHOD *dh_pkey_method(void);
-const EVP_PKEY_METHOD *dhx_pkey_method(void);
+const EVP_PKEY_METHOD *ossl_dh_pkey_method(void);
+const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void);
 const EVP_PKEY_METHOD *dsa_pkey_method(void);
 const EVP_PKEY_METHOD *ec_pkey_method(void);
 const EVP_PKEY_METHOD *ecx25519_pkey_method(void);

diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c
index 8be3478102234cff3f3cdb31ddeb05a0f47ee699..4b4cfc8fa77e52e07006817bba6ae8059c789314 100644 (file)
--- a/providers/implementations/encode_decode/encode_key2text.c
+++ b/providers/implementations/encode_decode/encode_key2text.c
@@ -23,7 +23,7 @@
 #include <openssl/proverr.h>
 #include "internal/ffc.h"
 #include "crypto/bn.h"           /* bn_get_words() */
-#include "crypto/dh.h"           /* dh_get0_params() */
+#include "crypto/dh.h"           /* ossl_dh_get0_params() */
 #include "crypto/dsa.h"          /* dsa_get0_params() */
 #include "crypto/ec.h"           /* ec_key_get_libctx */
 #include "crypto/ecx.h"          /* ECX_KEY, etc... */
@@ -245,7 +245,7 @@ static int dh_to_text(BIO *out, const void *key, int selection)
         }
     }
     if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
-        params = dh_get0_params((DH *)dh);
+        params = ossl_dh_get0_params((DH *)dh);
         if (params == NULL) {
             ERR_raise(ERR_LIB_PROV, PROV_R_NOT_PARAMETERS);
             return 0;

diff --git a/providers/implementations/exchange/dh_exch.c b/providers/implementations/exchange/dh_exch.c
index 32ce2ee0eddd3cae695e6f4e782a765a8deec087..2638675da5f5f1ed41d6e605d56da6d2d1b8c83b 100644 (file)
--- a/providers/implementations/exchange/dh_exch.c
+++ b/providers/implementations/exchange/dh_exch.c
@@ -180,13 +180,13 @@ static int dh_X9_42_kdf_derive(void *vpdhctx, unsigned char *secret,
 
     /* Do KDF stuff */
     if (pdhctx->kdf_type == PROV_DH_KDF_X9_42_ASN1) {
-        if (!dh_KDF_X9_42_asn1(secret, pdhctx->kdf_outlen,
-                               stmp, stmplen,
-                               pdhctx->kdf_cekalg,
-                               pdhctx->kdf_ukm,
-                               pdhctx->kdf_ukmlen,
-                               pdhctx->kdf_md,
-                               pdhctx->libctx, NULL))
+        if (!ossl_dh_kdf_X9_42_asn1(secret, pdhctx->kdf_outlen,
+                                    stmp, stmplen,
+                                    pdhctx->kdf_cekalg,
+                                    pdhctx->kdf_ukm,
+                                    pdhctx->kdf_ukmlen,
+                                    pdhctx->kdf_md,
+                                    pdhctx->libctx, NULL))
             goto err;
     }
     *secretlen = pdhctx->kdf_outlen;

diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index a967309644e23b8f533aaf5f09aaa02e35308524..9b1679e4fa3a1262b4c106a61e3f5fa2a3c6ab58 100644 (file)
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -91,7 +91,7 @@ static int dh_gen_type_name2id_w_default(const char *name, int type)
 #endif
     }
 
-    return dh_gen_type_name2id(name);
+    return ossl_dh_gen_type_name2id(name);
 }
 
 static void *dh_newdata(void *provctx)
@@ -99,7 +99,7 @@ static void *dh_newdata(void *provctx)
     DH *dh = NULL;
 
     if (ossl_prov_is_running()) {
-        dh = dh_new_ex(PROV_LIBCTX_OF(provctx));
+        dh = ossl_dh_new_ex(PROV_LIBCTX_OF(provctx));
         if (dh != NULL) {
             DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
             DH_set_flags(dh, DH_FLAG_TYPE_DH);
@@ -112,7 +112,7 @@ static void *dhx_newdata(void *provctx)
 {
     DH *dh = NULL;
 
-    dh = dh_new_ex(PROV_LIBCTX_OF(provctx));
+    dh = ossl_dh_new_ex(PROV_LIBCTX_OF(provctx));
     if (dh != NULL) {
         DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
         DH_set_flags(dh, DH_FLAG_TYPE_DHX);
@@ -158,8 +158,8 @@ static int dh_match(const void *keydata1, const void *keydata2, int selection)
     if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
         ok = ok && BN_cmp(DH_get0_priv_key(dh1), DH_get0_priv_key(dh2)) == 0;
     if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
-        FFC_PARAMS *dhparams1 = dh_get0_params((DH *)dh1);
-        FFC_PARAMS *dhparams2 = dh_get0_params((DH *)dh2);
+        FFC_PARAMS *dhparams1 = ossl_dh_get0_params((DH *)dh1);
+        FFC_PARAMS *dhparams2 = ossl_dh_get0_params((DH *)dh2);
 
         ok = ok && ossl_ffc_params_cmp(dhparams1, dhparams2, 1);
     }
@@ -178,10 +178,10 @@ static int dh_import(void *keydata, int selection, const OSSL_PARAM params[])
         return 0;
 
     if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
-        ok = ok && dh_params_fromdata(dh, params);
+        ok = ok && ossl_dh_params_fromdata(dh, params);
 
     if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
-        ok = ok && dh_key_fromdata(dh, params);
+        ok = ok && ossl_dh_key_fromdata(dh, params);
 
     return ok;
 }
@@ -202,9 +202,9 @@ static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
         return 0;
 
     if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
-        ok = ok && dh_params_todata(dh, tmpl, NULL);
+        ok = ok && ossl_dh_params_todata(dh, tmpl, NULL);
     if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
-        ok = ok && dh_key_todata(dh, tmpl, NULL);
+        ok = ok && ossl_dh_key_todata(dh, tmpl, NULL);
 
     if (!ok
         || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) {
@@ -295,14 +295,14 @@ static ossl_inline int dh_get_params(void *key, OSSL_PARAM params[])
     if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) {
         if (p->data_type != OSSL_PARAM_OCTET_STRING)
             return 0;
-        p->return_size = dh_key2buf(dh, (unsigned char **)&p->data,
-                                    p->data_size, 0);
+        p->return_size = ossl_dh_key2buf(dh, (unsigned char **)&p->data,
+                                         p->data_size, 0);
         if (p->return_size == 0)
             return 0;
     }
 
-    return dh_params_todata(dh, NULL, params)
-        && dh_key_todata(dh, NULL, params);
+    return ossl_dh_params_todata(dh, NULL, params)
+        && ossl_dh_key_todata(dh, NULL, params);
 }
 
 static const OSSL_PARAM dh_params[] = {
@@ -339,7 +339,7 @@ static int dh_set_params(void *key, const OSSL_PARAM params[])
     p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
     if (p != NULL
             && (p->data_type != OSSL_PARAM_OCTET_STRING
-                || !dh_buf2key(dh, p->data, p->data_size)))
+                || !ossl_dh_buf2key(dh, p->data, p->data_size)))
         return 0;
 
     return 1;
@@ -357,7 +357,7 @@ static int dh_validate_public(const DH *dh, int checktype)
     /* The partial test is only valid for named group's with q = (p - 1) / 2 */
     if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK
         && ossl_dh_is_named_safe_prime_group(dh))
-        return dh_check_pub_key_partial(dh, pub_key, &res);
+        return ossl_dh_check_pub_key_partial(dh, pub_key, &res);
 
     return DH_check_pub_key(dh, pub_key, &res);
 }
@@ -370,7 +370,7 @@ static int dh_validate_private(const DH *dh)
     DH_get0_key(dh, NULL, &priv_key);
     if (priv_key == NULL)
         return 0;
-    return dh_check_priv_key(dh, priv_key, &status);;
+    return ossl_dh_check_priv_key(dh, priv_key, &status);;
 }
 
 static int dh_validate(const void *keydata, int selection, int checktype)
@@ -404,7 +404,7 @@ static int dh_validate(const void *keydata, int selection, int checktype)
 
     if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR)
             == OSSL_KEYMGMT_SELECT_KEYPAIR)
-        ok = ok && dh_check_pairwise(dh);
+        ok = ok && ossl_dh_check_pairwise(dh);
     return ok;
 }
 
@@ -461,7 +461,7 @@ static int dh_gen_set_template(void *genctx, void *templ)
 
     if (!ossl_prov_is_running() || gctx == NULL || dh == NULL)
         return 0;
-    gctx->ffc_params = dh_get0_params(dh);
+    gctx->ffc_params = ossl_dh_get0_params(dh);
     return 1;
 }
 
@@ -492,8 +492,7 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[])
     if (p != NULL) {
         if (p->data_type != OSSL_PARAM_UTF8_STRING
             || ((gctx->gen_type =
-                 dh_gen_type_name2id_w_default(p->data,
-                                               gctx->dh_type)) == -1)) {
+                 dh_gen_type_name2id_w_default(p->data, gctx->dh_type)) == -1)) {
             ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
             return 0;
         }
@@ -606,18 +605,18 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
             && gctx->ffc_params == NULL) {
         /* Select a named group if there is not one already */
         if (gctx->group_nid == NID_undef)
-            gctx->group_nid = dh_get_named_group_uid_from_size(gctx->pbits);
+            gctx->group_nid = ossl_dh_get_named_group_uid_from_size(gctx->pbits);
         if (gctx->group_nid == NID_undef)
             return NULL;
-        dh = dh_new_by_nid_ex(gctx->libctx, gctx->group_nid);
+        dh = ossl_dh_new_by_nid_ex(gctx->libctx, gctx->group_nid);
         if (dh == NULL)
             return NULL;
-        ffc = dh_get0_params(dh);
+        ffc = ossl_dh_get0_params(dh);
     } else {
-        dh = dh_new_ex(gctx->libctx);
+        dh = ossl_dh_new_ex(gctx->libctx);
         if (dh == NULL)
             return NULL;
-        ffc = dh_get0_params(dh);
+        ffc = ossl_dh_get0_params(dh);
 
         /* Copy the template value if one was passed */
         if (gctx->ffc_params != NULL
@@ -653,8 +652,9 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
                 ret = DH_generate_parameters_ex(dh, gctx->pbits,
                                                 gctx->generator, gencb);
             else
-                ret = dh_generate_ffc_parameters(dh, gctx->gen_type, gctx->pbits,
-                                                 gctx->qbits, gencb);
+                ret = ossl_dh_generate_ffc_parameters(dh, gctx->gen_type,
+                                                      gctx->pbits, gctx->qbits,
+                                                      gencb);
             if (ret <= 0)
                 goto end;
         }

diff --git a/test/ffc_internal_test.c b/test/ffc_internal_test.c
index 1cbaec891bb728ff66248373cdeaeb4616208ea1..3c54d68010ab16d3d6080e51b06e527616edc266 100644 (file)
--- a/test/ffc_internal_test.c
+++ b/test/ffc_internal_test.c
@@ -435,7 +435,7 @@ err:
     return ret;
 }
 
-extern FFC_PARAMS *dh_get0_params(DH *dh);
+extern FFC_PARAMS *ossl_dh_get0_params(DH *dh);
 
 static int ffc_public_validate_test(void)
 {
@@ -449,7 +449,7 @@ static int ffc_public_validate_test(void)
 
     if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
         goto err;
-    params = dh_get0_params(dh);
+    params = ossl_dh_get0_params(dh);
 
     if (!TEST_true(BN_set_word(pub, 1)))
         goto err;
@@ -528,7 +528,7 @@ static int ffc_private_validate_test(void)
 
     if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
         goto err;
-    params = dh_get0_params(dh);
+    params = ossl_dh_get0_params(dh);
 
     if (!TEST_true(BN_set_word(priv, 1)))
         goto err;
@@ -589,7 +589,7 @@ static int ffc_private_gen_test(int index)
 
     if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
         goto err;
-    params = dh_get0_params(dh);
+    params = ossl_dh_get0_params(dh);
 
     N = BN_num_bits(params->q);
     /* Fail since N < 2*s - where s = 112*/