Use EVP_PKEY_X25519, EVP_PKEY_ED25519 instead of NIDs where appropriate.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)

diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index 715fe06911856ab3dd993b1be3d8959f7f8b565b..b001196309db3989385530c6129db37bf6827f05 100644 (file)
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -78,7 +78,7 @@ static int ecx_key_op(EVP_PKEY *pkey, int id, const X509_ALGOR *palg,
                 OPENSSL_free(xkey);
                 return 0;
             }
-            if (id == NID_X25519) {
+            if (id == EVP_PKEY_X25519) {
                 xkey->privkey[0] &= 248;
                 xkey->privkey[31] &= 127;
                 xkey->privkey[31] |= 64;
@@ -86,7 +86,7 @@ static int ecx_key_op(EVP_PKEY *pkey, int id, const X509_ALGOR *palg,
         } else {
             memcpy(xkey->privkey, p, X25519_KEYLEN);
         }
-        if (id == NID_X25519)
+        if (id == EVP_PKEY_X25519)
             X25519_public_from_private(xkey->pubkey, xkey->privkey);
         else
             ED25519_public_from_private(xkey->pubkey, xkey->privkey);
@@ -282,7 +282,8 @@ static int ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
     switch (op) {
 
     case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
-        return ecx_key_op(pkey, NID_X25519, NULL, arg2, arg1, X25519_PUBLIC);
+        return ecx_key_op(pkey, EVP_PKEY_X25519, NULL, arg2, arg1,
+                          X25519_PUBLIC);
 
     case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
         if (pkey->pkey.ptr != NULL) {
@@ -305,8 +306,8 @@ static int ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 }
 
 const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = {
-    NID_X25519,
-    NID_X25519,
+    EVP_PKEY_X25519,
+    EVP_PKEY_X25519,
     0,
     "X25519",
     "OpenSSL X25519 algorithm",
@@ -380,8 +381,8 @@ static int ecd_sig_info_set(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
 }
 
 const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = {
-    NID_ED25519,
-    NID_ED25519,
+    EVP_PKEY_ED25519,
+    EVP_PKEY_ED25519,
     0,
     "ED25519",
     "OpenSSL ED25519 algorithm",
@@ -451,7 +452,7 @@ static int pkey_ecx_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 }
 
 const EVP_PKEY_METHOD ecx25519_pkey_meth = {
-    NID_X25519,
+    EVP_PKEY_X25519,
     0, 0, 0, 0, 0, 0, 0,
     pkey_ecx_keygen,
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -510,7 +511,7 @@ static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 }
 
 const EVP_PKEY_METHOD ed25519_pkey_meth = {
-    NID_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
+    EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
     0, 0, 0, 0, 0, 0,
     pkey_ecx_keygen,
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,

diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c
index a1172e489d5dc3e6638976f2d6220bf0df5f4ca6..a93e26e439ee86630572cce2037706044ebb1269 100644 (file)
--- a/crypto/x509/x509type.c
+++ b/crypto/x509/x509type.c
@@ -41,7 +41,7 @@ int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey)
     case EVP_PKEY_EC:
         ret = EVP_PK_EC | EVP_PKT_SIGN | EVP_PKT_EXCH;
         break;
-    case NID_ED25519:
+    case EVP_PKEY_ED25519:
         ret = EVP_PKT_SIGN;
         break;
     case EVP_PKEY_DH:

diff --git a/doc/man7/Ed25519.pod b/doc/man7/Ed25519.pod
index 39a1f19c491af1748a5dbc502b1c260a8d32c016..e9c4f2f798e10eb6eb538bcfefa4f2c1034351fe 100644 (file)
--- a/doc/man7/Ed25519.pod
+++ b/doc/man7/Ed25519.pod
@@ -31,7 +31,7 @@ or X509_sign_ctx() in the usual way.
 
 A context for the B<Ed25519> algorithm can be obtained by calling:
 
- EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL);
+ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL);
 
 =head1 EXAMPLE
 
@@ -42,7 +42,7 @@ output in PEM format:
  #include <openssl/pem.h>
  ...
  EVP_PKEY *pkey = NULL;
- EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL);
+ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL);
  EVP_PKEY_keygen_init(pctx);
  EVP_PKEY_keygen(pctx, &pkey);
  EVP_PKEY_CTX_free(pctx);

diff --git a/doc/man7/X25519.pod b/doc/man7/X25519.pod
index 61c9047bf6517c905603231b7e915bcfe99f135a..96522c50545ed76c473ef59e3324cd1de29d2bd4 100644 (file)
--- a/doc/man7/X25519.pod
+++ b/doc/man7/X25519.pod
@@ -19,7 +19,7 @@ performing key derivation.
 
 A context for the B<X25519> algorithm can be obtained by calling:
 
- EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(NID_X25519, NULL);
+ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL);
 
 =head1 EXAMPLE
 
@@ -30,7 +30,7 @@ output in PEM format:
  #include <openssl/pem.h>
  ...
  EVP_PKEY *pkey = NULL;
- EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(NID_X25519, NULL);
+ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL);
  EVP_PKEY_keygen_init(pctx);
  EVP_PKEY_keygen(pctx, &pkey);
  EVP_PKEY_CTX_free(pctx);

diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 4d7326b9ff29588738e7aa7ad2dd73368cbce8cb..89a64aeb8e0d69f8b16cffb52511d65371060098 100644 (file)
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -56,6 +56,8 @@
 # define EVP_PKEY_HKDF   NID_hkdf
 # define EVP_PKEY_POLY1305 NID_poly1305
 # define EVP_PKEY_SIPHASH NID_siphash
+# define EVP_PKEY_X25519 NID_X25519
+# define EVP_PKEY_ED25519 NID_ED25519
 
 #ifdef  __cplusplus
 extern "C" {

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index abdeb56a30b630cd3bad3c300453429ab6136ad3..63d8953164cdddc9fe09a693bc8be8085ae8cb2a 100644 (file)
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1251,7 +1251,7 @@ int ssl_cert_type(const X509 *x, const EVP_PKEY *pk)
 #ifndef OPENSSL_NO_EC
     case EVP_PKEY_EC:
         return SSL_PKEY_ECC;
-    case NID_ED25519:
+    case EVP_PKEY_ED25519:
         return SSL_PKEY_ED25519;
 #endif
 #ifndef OPENSSL_NO_GOST

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 0f1d95be31dd90353df92d0a34025601b85c705a..0a39b9755a5cfc52a888ab0c7637e98e2e56056d 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -169,7 +169,7 @@ static const tls_curve_info nid_list[] = {
     {NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */
     {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */
     {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */
-    {NID_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */
+    {EVP_PKEY_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */
 };
 
 static const unsigned char ecformats_default[] = {
@@ -719,7 +719,7 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
      NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
      NID_ecdsa_with_SHA512, NID_secp521r1},
     {"ed25519", TLSEXT_SIGALG_ed25519,
-     NID_undef, -1, NID_ED25519, SSL_PKEY_ED25519,
+     NID_undef, -1, EVP_PKEY_ED25519, SSL_PKEY_ED25519,
      NID_undef, NID_undef},
     {NULL, TLSEXT_SIGALG_ecdsa_sha224,
      NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
@@ -1418,7 +1418,7 @@ static int tls12_get_pkey_idx(int sig_nid)
 #ifndef OPENSSL_NO_EC
     case EVP_PKEY_EC:
         return SSL_PKEY_ECC;
-    case NID_ED25519:
+    case EVP_PKEY_ED25519:
         return SSL_PKEY_ED25519;
 #endif
 #ifndef OPENSSL_NO_GOST
@@ -1498,7 +1498,7 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
             break;
 #endif
 #ifndef OPENSSL_NO_EC
-        case NID_ED25519:
+        case EVP_PKEY_ED25519:
         case EVP_PKEY_EC:
             if (!have_ecdsa && tls12_sigalg_allowed(s, op, lu))
                 have_ecdsa = 1;
@@ -2427,7 +2427,7 @@ int tls_choose_sigalg(SSL *s, int *al)
                     if (lu->sig_idx == idx
                         && (curve == -1 || lu->curve == curve))
                         break;
-                    if (idx == SSL_PKEY_ECC && lu->sig == NID_ED25519) {
+                    if (idx == SSL_PKEY_ECC && lu->sig == EVP_PKEY_ED25519) {
                         idx = SSL_PKEY_ED25519;
                         break;
                     }