/*
- * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include "internal/ffc.h"
#include "internal/param_build_set.h"
#include "internal/nelem.h"
-#include "e_os.h" /* strcasecmp */
#ifndef FIPS_MODULE
# include <openssl/asn1.h> /* ossl_ffc_params_print */
memset(params, 0, sizeof(*params));
params->pcounter = -1;
params->gindex = FFC_UNVERIFIABLE_GINDEX;
- params->flags = FFC_PARAM_FLAG_VALIDATE_ALL;
+ params->flags = FFC_PARAM_FLAG_VALIDATE_PQG;
}
void ossl_ffc_params_cleanup(FFC_PARAMS *params)
{
+#ifdef FIPS_MODULE
+ BN_clear_free(params->p);
+ BN_clear_free(params->q);
+ BN_clear_free(params->g);
+ BN_clear_free(params->j);
+ OPENSSL_clear_free(params->seed, params->seedlen);
+#else
BN_free(params->p);
BN_free(params->q);
BN_free(params->g);
BN_free(params->j);
OPENSSL_free(params->seed);
+#endif
ossl_ffc_params_init(params);
}
int ossl_ffc_params_set_seed(FFC_PARAMS *params,
const unsigned char *seed, size_t seedlen)
{
- if (params == NULL)
- return 0;
-
if (params->seed != NULL) {
if (params->seed == seed)
return 1;
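Review bot: With the `if (params == NULL) return 0;` guard removed, the seed setter now dereferences `params->seed` unconditionally, so a NULL argument turns from a reported failure into a crash. The same guard is dropped from `ossl_ffc_params_todata()` further down, where `ffc->p` is the first thing read. The callers are not visible in this diff, so presumably they all pass a valid pointer; I would record that contract above both functions, e.g. `/* params must not be NULL; callers are expected to have checked. */`. The body of `ossl_ffc_params_set_seed()` continues outside this hunk.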
params->flags &= ~flags;
}
-int ossl_ffc_set_digest(FFC_PARAMS *params, const char *alg, const char *props)
+void ossl_ffc_set_digest(FFC_PARAMS *params, const char *alg, const char *props)
{
params->mdname = alg;
params->mdprops = props;
- return 1;
}
int ossl_ffc_params_set_validate_params(FFC_PARAMS *params,
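Review bot: `ossl_ffc_set_digest()` keeps `alg` and `props` as borrowed pointers (`params->mdname = alg;`), and nothing here documents how long they must stay valid. That matters more now that the copy code later in this diff assigns `dst->mdname = src->mdname;` and `dst->mdprops = src->mdprops;`, so two FFC_PARAMS can point at the same strings, and the cleanup function shown above does not free them. I would add a comment above the function such as `/* alg and props are not copied; they must outlive params and any copy made from it. */`. Callers that tested the old `int` return also need updating, which this hunk does not show.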
|| !ffc_bn_cpy(&dst->j, src->j))
return 0;
+ dst->mdname = src->mdname;
+ dst->mdprops = src->mdprops;
OPENSSL_free(dst->seed);
dst->seedlen = src->seedlen;
if (src->seed != NULL) {
dst->pcounter = src->pcounter;
dst->h = src->h;
dst->gindex = src->gindex;
+ dst->flags = src->flags;
+ dst->keylength = src->keylength;
return 1;
}
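Review bot: The unchanged `OPENSSL_free(dst->seed);` in this copy path releases the previous seed without clearing it, while the cleanup function in this same diff now uses `OPENSSL_clear_free(params->seed, params->seedlen)` under `FIPS_MODULE`. If zeroizing the seed is the intent for FIPS builds, a seed replaced through a copy escapes it. Because `dst->seedlen` still holds the old length at that point (it is overwritten on the next line), the call could become `OPENSSL_clear_free(dst->seed, dst->seedlen);` behind the same `#ifdef FIPS_MODULE` split. The seed-replacement branch of the seed setter is not visible here and may need the same treatment; this function also starts outside the hunk.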
&& (ignore_q || BN_cmp(a->q, b->q) == 0); /* Note: q may be NULL */
}
-static const OSSL_ITEM flag_map[] = {
- { FFC_PARAM_FLAG_VALIDATE_PQ, OSSL_FFC_PARAM_VALIDATE_PQ },
- { FFC_PARAM_FLAG_VALIDATE_G, OSSL_FFC_PARAM_VALIDATE_G },
- { FFC_PARAM_FLAG_VALIDATE_ALL, OSSL_FFC_PARAM_VALIDATE_PQG },
- { 0, "" }
-};
-
-int ossl_ffc_params_flags_from_name(const char *name)
-{
- size_t i;
-
- for (i = 0; i < OSSL_NELEM(flag_map); ++i) {
- if (strcasecmp(flag_map[i].ptr, name) == 0)
- return flag_map[i].id;
- }
- return NID_undef;
-}
-
-const char *ossl_ffc_params_flags_to_name(int flags)
-{
- size_t i;
-
- flags &= FFC_PARAM_FLAG_VALIDATE_ALL;
- for (i = 0; i < OSSL_NELEM(flag_map); ++i) {
- if ((int)flag_map[i].id == flags)
- return flag_map[i].ptr;
- }
- return "";
-}
-
int ossl_ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld,
OSSL_PARAM params[])
{
- if (ffc == NULL)
- return 0;
+ int test_flags;
if (ffc->p != NULL
&& !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_FFC_P, ffc->p))
ffc->seed, ffc->seedlen))
return 0;
if (ffc->nid != NID_undef) {
-#ifndef OPENSSL_NO_DH
- const char *name = ossl_ffc_named_group_from_uid(ffc->nid);
+ const DH_NAMED_GROUP *group = ossl_ffc_uid_to_dh_named_group(ffc->nid);
+ const char *name = ossl_ffc_named_group_get_name(group);
if (name == NULL
|| !ossl_param_build_set_utf8_string(bld, params,
OSSL_PKEY_PARAM_GROUP_NAME,
name))
return 0;
-#else
- /* How could this be? We should not have a nid in a no-dh build. */
- return 0;
-#endif
}
- if (!ossl_param_build_set_utf8_string(bld, params,
- OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE,
- ossl_ffc_params_flags_to_name(ffc->flags)))
+ test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_PQ) != 0);
+ if (!ossl_param_build_set_int(bld, params,
+ OSSL_PKEY_PARAM_FFC_VALIDATE_PQ, test_flags))
+ return 0;
+ test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_G) != 0);
+ if (!ossl_param_build_set_int(bld, params,
+ OSSL_PKEY_PARAM_FFC_VALIDATE_G, test_flags))
return 0;
+ test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_LEGACY) != 0);
+ if (!ossl_param_build_set_int(bld, params,
+ OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY,
+ test_flags))
+ return 0;
+
if (ffc->mdname != NULL
&& !ossl_param_build_set_utf8_string(bld, params,
OSSL_PKEY_PARAM_FFC_DIGEST,