From c74aaa3920f116fe4c1003153838144c37d6e527 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Mon, 25 May 2020 13:17:51 +0200 Subject: [PATCH] Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11953) --- crypto/evp/exchange.c | 4 +-- crypto/evp/keymgmt_lib.c | 4 +-- crypto/evp/p_lib.c | 16 ++++++++++- crypto/x509/x509_cmp.c | 2 +- crypto/x509/x509_req.c | 2 +- crypto/x509/x_pubkey.c | 2 +- doc/man3/EVP_PKEY_ASN1_METHOD.pod | 4 +-- ...Y_cmp.pod => EVP_PKEY_copy_parameters.pod} | 27 +++++++++++++------ include/openssl/evp.h | 6 +++++ ssl/ssl_rsa.c | 2 +- test/evp_test.c | 2 +- util/libcrypto.num | 6 +++-- 12 files changed, 55 insertions(+), 22 deletions(-) rename doc/man3/{EVP_PKEY_cmp.pod => EVP_PKEY_copy_parameters.pod} (65%) diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index 26d7e1ce95..514ecd4039 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c @@ -368,13 +368,13 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) /* * For clarity. The error is if parameters in peer are - * present (!missing) but don't match. EVP_PKEY_cmp_parameters may return + * present (!missing) but don't match. EVP_PKEY_parameters_eq may return * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1 * (different key types) is impossible here because it is checked earlier. * -2 is OK for us here, as well as 1, so we can check for 0 only. */ if (!EVP_PKEY_missing_parameters(peer) && - !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) { + !EVP_PKEY_parameters_eq(ctx->pkey, peer)) { EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS); return -1; } diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c index 54805d741d..a712233043 100644 --- a/crypto/evp/keymgmt_lib.c +++ b/crypto/evp/keymgmt_lib.c @@ -236,8 +236,8 @@ int evp_keymgmt_util_has(EVP_PKEY *pk, int selection) * but also in the operation cache to see if there's any common keymgmt that * supplies OP_keymgmt_match. * - * evp_keymgmt_util_match() adheres to the return values that EVP_PKEY_cmp() - * and EVP_PKEY_cmp_parameters() return, i.e.: + * evp_keymgmt_util_match() adheres to the return values that EVP_PKEY_eq() + * and EVP_PKEY_parameters_eq() return, i.e.: * * 1 same key * 0 not same key diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index d05f0f2cba..4670912588 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -156,7 +156,7 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) } if (!EVP_PKEY_missing_parameters(to)) { - if (EVP_PKEY_cmp_parameters(to, from) == 1) + if (EVP_PKEY_parameters_eq(to, from) == 1) return 1; EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS); return 0; @@ -272,7 +272,14 @@ static int evp_pkey_cmp_any(const EVP_PKEY *a, const EVP_PKEY *b, return evp_keymgmt_match(keymgmt1, keydata1, keydata2, selection); } +#ifndef OPENSSL_NO_DEPRECATED_3_0 int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) +{ + return EVP_PKEY_parameters_eq(a, b); +} +#endif + +int EVP_PKEY_parameters_eq(const EVP_PKEY *a, const EVP_PKEY *b) { /* * TODO: clean up legacy stuff from this function when legacy support @@ -290,7 +297,14 @@ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) return -2; } +#ifndef OPENSSL_NO_DEPRECATED_3_0 int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) +{ + return EVP_PKEY_eq(a, b); +} +#endif + +int EVP_PKEY_eq(const EVP_PKEY *a, const EVP_PKEY *b) { /* * TODO: clean up legacy stuff from this function when legacy support diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 05615c1e19..25f72e057e 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -300,7 +300,7 @@ int X509_check_private_key(const X509 *x, const EVP_PKEY *k) xk = X509_get0_pubkey(x); if (xk) - ret = EVP_PKEY_cmp(xk, k); + ret = EVP_PKEY_eq(xk, k); else ret = -2; diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index 639e8e47db..fcc07b17dd 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -85,7 +85,7 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) int ok = 0; xk = X509_REQ_get_pubkey(x); - switch (EVP_PKEY_cmp(xk, k)) { + switch (EVP_PKEY_eq(xk, k)) { case 1: ok = 1; break; diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 14893adb2f..c73ea7a4ed 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -491,5 +491,5 @@ int X509_PUBKEY_eq(const X509_PUBKEY *a, const X509_PUBKEY *b) if ((pA = X509_PUBKEY_get0(a)) == NULL || (pB = X509_PUBKEY_get0(b)) == NULL) return -2; - return EVP_PKEY_cmp(pA, pB); + return EVP_PKEY_eq(pA, pB); } diff --git a/doc/man3/EVP_PKEY_ASN1_METHOD.pod b/doc/man3/EVP_PKEY_ASN1_METHOD.pod index 989008db07..bad9370867 100644 --- a/doc/man3/EVP_PKEY_ASN1_METHOD.pod +++ b/doc/man3/EVP_PKEY_ASN1_METHOD.pod @@ -170,7 +170,7 @@ They're called by L and L. The pub_cmp() method is called when two public keys are to be compared. It MUST return 1 when the keys are equal, 0 otherwise. -It's called by L. +It's called by L. The pub_print() method is called to print a public key in humanly readable text to B, indented B spaces. @@ -228,7 +228,7 @@ It's called by L. The param_cmp() method compares the parameters of keys B and B. It MUST return 1 when the keys are equal, 0 when not equal, or a negative number on error. -It's called by L. +It's called by L. The param_print() method prints the private key parameters in humanly readable text to B, indented B spaces. diff --git a/doc/man3/EVP_PKEY_cmp.pod b/doc/man3/EVP_PKEY_copy_parameters.pod similarity index 65% rename from doc/man3/EVP_PKEY_cmp.pod rename to doc/man3/EVP_PKEY_copy_parameters.pod index f0008ec150..01fbb48109 100644 --- a/doc/man3/EVP_PKEY_cmp.pod +++ b/doc/man3/EVP_PKEY_copy_parameters.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, +EVP_PKEY_missing_parameters, EVP_PKEY_copy_parameters, EVP_PKEY_parameters_eq, +EVP_PKEY_cmp_parameters, EVP_PKEY_eq, EVP_PKEY_cmp - public key parameter and comparison functions =head1 SYNOPSIS @@ -12,7 +13,9 @@ EVP_PKEY_cmp - public key parameter and comparison functions int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); + int EVP_PKEY_parameters_eq(const EVP_PKEY *a, const EVP_PKEY *b); int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); + int EVP_PKEY_eq(const EVP_PKEY *a, const EVP_PKEY *b); int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); =head1 DESCRIPTION @@ -26,11 +29,11 @@ B to key B. An error is returned if the parameters are missing in B or present in both B and B and mismatch. If the parameters in B and B are both present and match this function has no effect. -The function EVP_PKEY_cmp_parameters() compares the parameters of keys -B and B. +The function EVP_PKEY_parameters_eq() checks the parameters of keys +B and B for equality. -The function EVP_PKEY_cmp() compares the public key components and parameters -(if present) of keys B and B. +The function EVP_PKEY_eq() checks the public key components and parameters +(if present) of keys B and B for equality. =head1 NOTES @@ -40,7 +43,7 @@ parameters are sometimes omitted from a public key if they are inherited from the CA that signed it. Since OpenSSL private keys contain public key components too the function -EVP_PKEY_cmp() can also be used to determine if a private key matches +EVP_PKEY_eq() can also be used to determine if a private key matches a public key. =head1 RETURN VALUES @@ -52,8 +55,8 @@ doesn't use parameters. These functions EVP_PKEY_copy_parameters() returns 1 for success and 0 for failure. -The function EVP_PKEY_cmp_parameters() and EVP_PKEY_cmp() return 1 if the -keys match, 0 if they don't match, -1 if the key types are different and +The function EVP_PKEY_parameters_eq() and EVP_PKEY_eq() return 1 if their +inputs match, 0 if they don't match, -1 if the key types are different and -2 if the operation is not supported. =head1 SEE ALSO @@ -61,6 +64,14 @@ keys match, 0 if they don't match, -1 if the key types are different and L, L +=head1 HISTORY + +The function EVP_PKEY_cmp was deprecated and renamed to B and +EVP_PKEY_cmp_parameters was deprecated and renamed to B +(without changing semantics) in OpenSSL 3.0. +This was done to avoid confusion on their return values with other _cmp() +functions that return 0 in case their arguments are equal. + =head1 COPYRIGHT Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 3d2e161549..81ec80ab2d 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1191,9 +1191,15 @@ EVP_PKEY *d2i_KeyParams_bio(int type, EVP_PKEY **a, BIO *in); int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode); +#ifndef OPENSSL_NO_DEPRECATED_3_0 int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); +#endif +int EVP_PKEY_parameters_eq(const EVP_PKEY *a, const EVP_PKEY *b); +#ifndef OPENSSL_NO_DEPRECATED_3_0 int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); +#endif +int EVP_PKEY_eq(const EVP_PKEY *a, const EVP_PKEY *b); int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx); diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 7a699747d3..3df32b725b 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -1115,7 +1115,7 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr else #endif /* check that key <-> cert match */ - if (EVP_PKEY_cmp(pubkey, privatekey) != 1) { + if (EVP_PKEY_eq(pubkey, privatekey) != 1) { SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_PRIVATE_KEY_MISMATCH); goto out; } diff --git a/test/evp_test.c b/test/evp_test.c index 6727a007a0..813218a42a 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -2404,7 +2404,7 @@ static int keypair_test_run(EVP_TEST *t) goto end; } - if ((rv = EVP_PKEY_cmp(pair->privk, pair->pubk)) != 1 ) { + if ((rv = EVP_PKEY_eq(pair->privk, pair->pubk)) != 1 ) { if ( 0 == rv ) { t->err = "KEYPAIR_MISMATCH"; } else if ( -1 == rv ) { diff --git a/util/libcrypto.num b/util/libcrypto.num index 724d5038de..cc11651b76 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -190,7 +190,7 @@ EVP_DigestInit 193 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_find 194 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_get_count 195 3_0_0 EXIST::FUNCTION: ASN1_BIT_STRING_get_bit 196 3_0_0 EXIST::FUNCTION: -EVP_PKEY_cmp 197 3_0_0 EXIST::FUNCTION: +EVP_PKEY_cmp 197 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 d2i_X509_ALGORS 198 3_0_0 EXIST::FUNCTION: EVP_PKEY2PKCS8 199 3_0_0 EXIST::FUNCTION: BN_nist_mod_256 200 3_0_0 EXIST::FUNCTION: @@ -3461,7 +3461,7 @@ ERR_print_errors_cb 3531 3_0_0 EXIST::FUNCTION: ENGINE_set_default_string 3532 3_0_0 EXIST::FUNCTION:ENGINE BIO_number_read 3533 3_0_0 EXIST::FUNCTION: CRYPTO_zalloc 3534 3_0_0 EXIST::FUNCTION: -EVP_PKEY_cmp_parameters 3535 3_0_0 EXIST::FUNCTION: +EVP_PKEY_cmp_parameters 3535 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_PKEY_CTX_new_id 3537 3_0_0 EXIST::FUNCTION: TLS_FEATURE_free 3538 3_0_0 EXIST::FUNCTION: d2i_BASIC_CONSTRAINTS 3539 3_0_0 EXIST::FUNCTION: @@ -5095,3 +5095,5 @@ EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md ? 3_0_0 EXIST::FUNCTION:RSA EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name ? 3_0_0 EXIST::FUNCTION:RSA OSSL_PROVIDER_do_all ? 3_0_0 EXIST::FUNCTION: X509_PUBKEY_eq ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_eq ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_parameters_eq ? 3_0_0 EXIST::FUNCTION: -- 2.34.1