mirror of
https://github.com/opnsense/src.git
synced 2026-02-18 18:20:26 -05:00
b84c4564ef
Summary: Release notes can be found at https://www.openssl.org/news/openssl-3.0-notes.html . Obtained from: https://www.openssl.org/source/openssl-3.0.9.tar.gz Test Plan: ``` $ git status On branch vendor/openssl-3.0 Your branch is up to date with 'origin/vendor/openssl-3.0'. nothing to commit, working tree clean $ (cd ..; fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc) openssl-3.0.9.tar.gz 14 MB 74 MBps 01s openssl-3.0.9.tar.gz.asc 833 B 10 MBps 00s $ set | egrep '(XLIST|OSSLVER)=' OSSLVER=3.0.9 XLIST=FREEBSD-Xlist $ gpg --list-keys /home/khorben/.gnupg/pubring.kbx -------------------------------- pub rsa4096 2021-07-16 [SC] [expires: 2031-07-14] A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C uid [ unknown] Tomáš Mráz <tm@t8m.info> uid [ unknown] Tomáš Mráz <tomas@arleto.cz> uid [ unknown] Tomáš Mráz <tomas@openssl.org> sub rsa4096 2021-07-16 [S] [expires: 2027-07-15] sub rsa4096 2021-07-16 [E] [expires: 2031-07-14] $ gpg --verify ../openssl-${OSSLVER}.tar.gz.asc ../openssl-${OSSLVER}.tar.gz gpg: Signature made Tue May 30 14:32:24 2023 CEST gpg: using RSA key DC7032662AF885E2F47F243F527466A21CA79E6D gpg: Good signature from "Tomáš Mráz <tm@t8m.info>" [unknown] gpg: aka "Tomáš Mráz <tomas@arleto.cz>" [unknown] gpg: aka "Tomáš Mráz <tomas@openssl.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C Subkey fingerprint: DC70 3266 2AF8 85E2 F47F 243F 5274 66A2 1CA7 9E6D $ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C .. $ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* . [...] $ diff -arq ../openssl-${OSSLVER} . Only in .: .git Only in .: FREEBSD-Xlist Only in .: FREEBSD-upgrade $ git status FREEBSD* On branch vendor/openssl-3.0 Your branch is up to date with 'origin/vendor/openssl-3.0'. nothing to commit, working tree clean ```
130 lines
4.2 KiB
C
130 lines
4.2 KiB
C
/*
|
|
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include <openssl/core_names.h>
|
|
#include "internal/ffc.h"
|
|
#include "internal/sizes.h"
|
|
|
|
/*
|
|
* The intention with the "backend" source file is to offer backend support
|
|
* for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider
|
|
* implementations alike.
|
|
*/
|
|
|
|
int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[])
|
|
{
|
|
const OSSL_PARAM *prm;
|
|
const OSSL_PARAM *param_p, *param_q, *param_g;
|
|
BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
|
|
int i;
|
|
|
|
if (ffc == NULL)
|
|
return 0;
|
|
|
|
prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
|
|
if (prm != NULL) {
|
|
/*
|
|
* In a no-dh build we just go straight to err because we have no
|
|
* support for this.
|
|
*/
|
|
#ifndef OPENSSL_NO_DH
|
|
const DH_NAMED_GROUP *group = NULL;
|
|
|
|
if (prm->data_type != OSSL_PARAM_UTF8_STRING
|
|
|| prm->data == NULL
|
|
|| (group = ossl_ffc_name_to_dh_named_group(prm->data)) == NULL
|
|
|| !ossl_ffc_named_group_set(ffc, group))
|
|
#endif
|
|
goto err;
|
|
}
|
|
|
|
param_p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_P);
|
|
param_g = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_G);
|
|
param_q = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_Q);
|
|
|
|
if ((param_p != NULL && !OSSL_PARAM_get_BN(param_p, &p))
|
|
|| (param_q != NULL && !OSSL_PARAM_get_BN(param_q, &q))
|
|
|| (param_g != NULL && !OSSL_PARAM_get_BN(param_g, &g)))
|
|
goto err;
|
|
|
|
prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GINDEX);
|
|
if (prm != NULL) {
|
|
if (!OSSL_PARAM_get_int(prm, &i))
|
|
goto err;
|
|
ffc->gindex = i;
|
|
}
|
|
prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PCOUNTER);
|
|
if (prm != NULL) {
|
|
if (!OSSL_PARAM_get_int(prm, &i))
|
|
goto err;
|
|
ffc->pcounter = i;
|
|
}
|
|
prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_COFACTOR);
|
|
if (prm != NULL && !OSSL_PARAM_get_BN(prm, &j))
|
|
goto err;
|
|
prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_H);
|
|
if (prm != NULL) {
|
|
if (!OSSL_PARAM_get_int(prm, &i))
|
|
goto err;
|
|
ffc->h = i;
|
|
}
|
|
prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_SEED);
|
|
if (prm != NULL) {
|
|
if (prm->data_type != OSSL_PARAM_OCTET_STRING)
|
|
goto err;
|
|
if (!ossl_ffc_params_set_seed(ffc, prm->data, prm->data_size))
|
|
goto err;
|
|
}
|
|
prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_PQ);
|
|
if (prm != NULL) {
|
|
if (!OSSL_PARAM_get_int(prm, &i))
|
|
goto err;
|
|
ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_PQ, i);
|
|
}
|
|
prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_G);
|
|
if (prm != NULL) {
|
|
if (!OSSL_PARAM_get_int(prm, &i))
|
|
goto err;
|
|
ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_G, i);
|
|
}
|
|
prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY);
|
|
if (prm != NULL) {
|
|
if (!OSSL_PARAM_get_int(prm, &i))
|
|
goto err;
|
|
ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_LEGACY, i);
|
|
}
|
|
|
|
prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST);
|
|
if (prm != NULL) {
|
|
const OSSL_PARAM *p1;
|
|
const char *props = NULL;
|
|
|
|
if (prm->data_type != OSSL_PARAM_UTF8_STRING)
|
|
goto err;
|
|
p1 = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST_PROPS);
|
|
if (p1 != NULL) {
|
|
if (p1->data_type != OSSL_PARAM_UTF8_STRING)
|
|
goto err;
|
|
props = p1->data;
|
|
}
|
|
if (!ossl_ffc_set_digest(ffc, prm->data, props))
|
|
goto err;
|
|
}
|
|
|
|
ossl_ffc_params_set0_pqg(ffc, p, q, g);
|
|
ossl_ffc_params_set0_j(ffc, j);
|
|
return 1;
|
|
|
|
err:
|
|
BN_free(j);
|
|
BN_free(p);
|
|
BN_free(q);
|
|
BN_free(g);
|
|
return 0;
|
|
}
|