Add helper functions needed for NTP (#1355)

* Add helper functions needed for NTP: * EVP_MD_get_pkey_type * EVP_MD_get0_name * RAND_write_file * DES_key_sched
aws · Dec 15, 2023 · 0e22b2e · 0e22b2e
1 parent a05dfc6
commit 0e22b2e
Show file tree

Hide file tree

Showing 7 changed files with 63 additions and 4 deletions.
diff --git a/crypto/des/des.c b/crypto/des/des.c
@@ -349,6 +349,11 @@ void DES_set_key(const DES_cblock *key, DES_key_schedule *schedule) {
   }
 }
 
+int DES_key_sched(const DES_cblock *key, DES_key_schedule *schedule) {
+  DES_set_key(key, schedule);
+  return 1;
+}
+
 static const uint8_t kOddParity[256] = {
     1,   1,   2,   2,   4,   4,   7,   7,   8,   8,   11,  11,  13,  13,  14,
     14,  16,  16,  19,  19,  21,  21,  22,  22,  25,  25,  26,  26,  28,  28,

diff --git a/crypto/digest_extra/digest_test.cc b/crypto/digest_extra/digest_test.cc
@@ -26,6 +26,7 @@
 #include <openssl/crypto.h>
 #include <openssl/digest.h>
 #include <openssl/err.h>
+#include <openssl/evp.h>
 #include <openssl/md4.h>
 #include <openssl/md5.h>
 #include <openssl/nid.h>
@@ -396,6 +397,10 @@ TEST(DigestTest, Getters) {
   EXPECT_EQ(nullptr, EVP_get_digestbynid(NID_sha512WithRSAEncryption));
   EXPECT_EQ(nullptr, EVP_get_digestbynid(NID_undef));
 
+  EXPECT_EQ(NID_sha1WithRSAEncryption, EVP_MD_get_pkey_type(EVP_sha1()));
+  EXPECT_EQ(NID_sha512WithRSAEncryption, EVP_MD_get_pkey_type(EVP_sha512()));
+  EXPECT_STREQ("SHA512", EVP_MD_get0_name(EVP_sha512()));
+
   bssl::UniquePtr<ASN1_OBJECT> obj(OBJ_txt2obj("1.3.14.3.2.26", 0));
   ASSERT_TRUE(obj);
   EXPECT_EQ(EVP_sha1(), EVP_get_digestbyobj(obj.get()));

diff --git a/crypto/fipsmodule/evp/evp.c b/crypto/fipsmodule/evp/evp.c
@@ -210,6 +210,31 @@ int EVP_PKEY_id(const EVP_PKEY *pkey) {
   return pkey->type;
 }
 
+int EVP_MD_get_pkey_type(const EVP_MD *md) {
+  if (md) {
+    int sig_nid = 0;
+    if (OBJ_find_sigid_by_algs(&sig_nid, md->type, NID_rsaEncryption)) {
+      return sig_nid;
+    }
+  }
+  return 0;
+}
+
+int EVP_MD_pkey_type(const EVP_MD *md){
+  return EVP_MD_get_pkey_type(md);
+}
+
+const char *EVP_MD_get0_name(const EVP_MD *md) {
+  if (md != NULL) {
+    return OBJ_nid2sn(EVP_MD_nid(md));
+  }
+  return NULL;
+}
+
+const char *EVP_MD_name(const EVP_MD *md) {
+  return EVP_MD_get0_name(md);
+}
+
 extern const EVP_PKEY_ASN1_METHOD *const *AWSLC_non_fips_pkey_evp_asn1_methods(void);
 
 // evp_pkey_asn1_find returns the ASN.1 method table for the given |nid|, which

diff --git a/crypto/rand_extra/rand_extra.c b/crypto/rand_extra/rand_extra.c
@@ -34,6 +34,10 @@ int RAND_load_file(const char *path, long num) {
   }
 }
 
+int RAND_write_file(const char *file) {
+  return -1;
+}
+
 const char *RAND_file_name(char *buf, size_t num) { return NULL; }
 
 void RAND_add(const void *buf, int num, double entropy) {}

diff --git a/include/openssl/des.h b/include/openssl/des.h
@@ -95,6 +95,9 @@ typedef struct DES_ks {
 OPENSSL_EXPORT void DES_set_key(const DES_cblock *key,
                                 DES_key_schedule *schedule);
 
+// DES_key_sched calls |DES_set_key| and returns 1.
+OPENSSL_EXPORT int DES_key_sched(const DES_cblock *key, DES_key_schedule *schedule);
+
 // DES_set_odd_parity sets the parity bits (the least-significant bits in each
 // byte) of |key| given the other bits in each byte.
 OPENSSL_EXPORT void DES_set_odd_parity(DES_cblock *key);

diff --git a/include/openssl/evp.h b/include/openssl/evp.h
@@ -62,15 +62,14 @@
 #include <openssl/evp_errors.h>
 #include <openssl/thread.h>
 
-// OpenSSL included digest and cipher functions in this header so we include
-// them for users that still expect that.
-//
-// TODO(fork): clean up callers so that they include what they use.
+// OpenSSL included digest, cipher, and object functions in this header so we
+// include them for users that still expect that.
 #include <openssl/aead.h>
 #include <openssl/base64.h>
 #include <openssl/cipher.h>
 #include <openssl/digest.h>
 #include <openssl/nid.h>
+#include <openssl/objects.h>
 
 #if defined(__cplusplus)
 extern "C" {
@@ -141,6 +140,11 @@ OPENSSL_EXPORT int EVP_PKEY_id(const EVP_PKEY *pkey);
 // otherwise.
 OPENSSL_EXPORT int EVP_PKEY_type(int nid);
 
+// EVP_MD_get0_name returns the short name of |md|
+OPENSSL_EXPORT const char *EVP_MD_get0_name(const EVP_MD *md);
+
+// EVP_MD_name calls |EVP_MD_get0_name|
+OPENSSL_EXPORT const char *EVP_MD_name(const EVP_MD *md);
 
 // Getting and setting concrete public key types.
 //
@@ -945,6 +949,14 @@ OPENSSL_EXPORT int EVP_PKEY_kem_check_key(EVP_PKEY *key);
 // functions instead.
 OPENSSL_EXPORT void *EVP_PKEY_get0(const EVP_PKEY *pkey);
 
+// EVP_MD_get_pkey_type returns the NID of the public key signing algorithm
+// associated with |md| and RSA. This does not return all potential signing
+// algorithms that could work with |md| and should not be used.
+OPENSSL_EXPORT int EVP_MD_get_pkey_type(const EVP_MD *md);
+
+// EVP_MD_pkey_type calls |EVP_MD_get_pkey_type|.
+OPENSSL_EXPORT int EVP_MD_pkey_type(const EVP_MD *md);
+
 // OpenSSL_add_all_algorithms does nothing.
 OPENSSL_EXPORT void OpenSSL_add_all_algorithms(void);
 
@@ -1166,6 +1178,8 @@ OPENSSL_EXPORT int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
 #if !defined(BORINGSSL_PREFIX)
 #define EVP_PKEY_CTX_set_rsa_oaep_md EVP_PKEY_CTX_set_rsa_oaep_md
 #define EVP_PKEY_CTX_set0_rsa_oaep_label EVP_PKEY_CTX_set0_rsa_oaep_label
+#define EVP_MD_name EVP_MD_name
+#define EVP_MD_pkey_type EVP_MD_pkey_type
 #endif
 
 

diff --git a/include/openssl/rand.h b/include/openssl/rand.h
@@ -82,6 +82,9 @@ OPENSSL_EXPORT void RAND_seed(const void *buf, int num);
 // RAND_load_file returns a nonnegative number.
 OPENSSL_EXPORT int RAND_load_file(const char *path, long num);
 
+// RAND_write_file does nothing and returns negative 1.
+OPENSSL_EXPORT int RAND_write_file(const char *file);
+
 // RAND_file_name returns NULL.
 OPENSSL_EXPORT const char *RAND_file_name(char *buf, size_t num);