wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make the EVP Key Exchange code provider aware

Browse source 
We introduce a new EVP_KEYEXCH type to represent key exchange algorithms
and refactor the existing code to use it where available.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9266)
This commit is contained in:
Matt Caswell 2019-06-27 10:48:17 +01:00
parent cbfa5b0398
commit ff64702b3d
14 changed files with 607 additions and 135 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
crypto/err/openssl.txt
View file

@ -807,6 +807,7 @@ EVP_F_EVP_DIGESTUPDATE:231:EVP_DigestUpdate
EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate
EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex
EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate
EVP_F_EVP_KEYEXCH_FROM_DISPATCH:244:evp_keyexch_from_dispatch
EVP_F_EVP_KDF_CTRL:224:EVP_KDF_ctrl
EVP_F_EVP_KDF_CTRL_STR:225:EVP_KDF_ctrl_str
EVP_F_EVP_KDF_CTX_NEW:240:EVP_KDF_CTX_new
@ -838,6 +839,7 @@ EVP_F_EVP_PKEY_DECRYPT_INIT:138:EVP_PKEY_decrypt_init
EVP_F_EVP_PKEY_DECRYPT_OLD:151:EVP_PKEY_decrypt_old
EVP_F_EVP_PKEY_DERIVE:153:EVP_PKEY_derive
EVP_F_EVP_PKEY_DERIVE_INIT:154:EVP_PKEY_derive_init
EVP_F_EVP_PKEY_DERIVE_INIT_EX:243:EVP_PKEY_derive_init_ex
EVP_F_EVP_PKEY_DERIVE_SET_PEER:155:EVP_PKEY_derive_set_peer
EVP_F_EVP_PKEY_ENCRYPT:105:EVP_PKEY_encrypt
EVP_F_EVP_PKEY_ENCRYPT_INIT:139:EVP_PKEY_encrypt_init

2
crypto/evp/build.info
View file

@ -15,7 +15,7 @@ SOURCE[../../libcrypto]=$COMMON\
e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
e_chacha20_poly1305.c \
mac_lib.c c_allm.c pkey_mac.c
mac_lib.c c_allm.c pkey_mac.c exchange.c
SOURCE[../../providers/fips]=$COMMON
INCLUDE[e_aes.o]=.. ../modes

131
crypto/evp/evp_lib.c
View file

@ -13,6 +13,7 @@
#include <openssl/objects.h>
#include <openssl/params.h>
#include <openssl/core_names.h>
#include <openssl/dh.h>
#include "internal/evp_int.h"
#include "internal/provider.h"
#include "evp_locl.h"
@ -726,3 +727,133 @@ int EVP_hex2ctrl(int (*cb)(void *ctx, int cmd, void *buf, size_t buflen),
OPENSSL_free(bin);
return rv;
}
#ifndef FIPS_MODE
/*
* TODO(3.0): Temporarily unavailable in FIPS mode. This will need to be added
* in later.
*/
#define MAX_PARAMS 10
typedef struct {
/* Number of the current param */
size_t curr;
struct {
/* Key for the current param */
const char *key;
/* Value for the current param */
const BIGNUM *bnparam;
/* Size of the buffer required for the BN */
size_t bufsz;
} params[MAX_PARAMS];
/* Running count of the total size required */
size_t totsz;
int ispublic;
} PARAMS_TEMPLATE;
static int push_param_bn(PARAMS_TEMPLATE *tmpl, const char *key,
const BIGNUM *bn)
{
int sz;
sz = BN_num_bytes(bn);
if (sz <= 0)
return 0;
tmpl->params[tmpl->curr].key = key;
tmpl->params[tmpl->curr].bnparam = bn;
tmpl->params[tmpl->curr++].bufsz = (size_t)sz;
tmpl->totsz += sizeof(OSSL_PARAM) + (size_t)sz;
return 1;
}
static OSSL_PARAM *param_template_to_param(PARAMS_TEMPLATE *tmpl, size_t *sz)
{
size_t i;
void *buf;
OSSL_PARAM *param = NULL;
unsigned char *currbuf = NULL;
if (tmpl->totsz == 0)
return NULL;
/* Add some space for the end of OSSL_PARAM marker */
tmpl->totsz += sizeof(*param);
if (tmpl->ispublic)
buf = OPENSSL_zalloc(tmpl->totsz);
else
buf = OPENSSL_secure_zalloc(tmpl->totsz);
if (buf == NULL)
return NULL;
param = buf;
currbuf = (unsigned char *)buf + (sizeof(*param) * (tmpl->curr + 1));
for (i = 0; i < tmpl->curr; i++) {
if (!ossl_assert((currbuf - (unsigned char *)buf )
+ tmpl->params[i].bufsz <= tmpl->totsz))
goto err;
if (BN_bn2nativepad(tmpl->params[i].bnparam, currbuf,
tmpl->params[i].bufsz) < 0)
goto err;
param[i] = OSSL_PARAM_construct_BN(tmpl->params[i].key, currbuf,
tmpl->params[i].bufsz);
currbuf += tmpl->params[i].bufsz;
}
param[i] = OSSL_PARAM_construct_end();
if (sz != NULL)
*sz = tmpl->totsz;
return param;
err:
if (tmpl->ispublic)
OPENSSL_free(param);
else
OPENSSL_clear_free(param, tmpl->totsz);
return NULL;
}
static OSSL_PARAM *evp_pkey_dh_to_param(EVP_PKEY *pkey, size_t *sz)
{
DH *dh = pkey->pkey.dh;
PARAMS_TEMPLATE tmpl = {0};
const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh);
const BIGNUM *pub_key = DH_get0_pub_key(dh);
const BIGNUM *priv_key = DH_get0_priv_key(dh);
if (p == NULL || g == NULL || pub_key == NULL)
return NULL;
if (!push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_P, p)
|| !push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_G, g)
|| !push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_key))
return NULL;
if (q != NULL) {
if (!push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_Q, q))
return NULL;
}
if (priv_key != NULL) {
if (!push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_PRIV_KEY, priv_key))
return NULL;
} else {
tmpl.ispublic = 1;
}
return param_template_to_param(&tmpl, sz);
}
OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz)
{
switch (pkey->type) {
case EVP_PKEY_DH:
return evp_pkey_dh_to_param(pkey, sz);
default:
return NULL;
}
}
#endif /* FIPS_MODE */

36
crypto/evp/evp_locl.h
View file

@ -9,6 +9,8 @@
/* EVP_MD_CTX related stuff */
#include <openssl/core_numbers.h>
struct evp_md_ctx_st {
const EVP_MD *reqdigest; /* The original requested digest */
const EVP_MD *digest;
@ -60,6 +62,20 @@ struct evp_kdf_ctx_st {
EVP_KDF_IMPL *impl; /* Algorithm-specific data */
} /* EVP_KDF_CTX */ ;
struct evp_keyexch_st {
OSSL_PROVIDER *prov;
CRYPTO_REF_COUNT refcnt;
CRYPTO_RWLOCK *lock;
OSSL_OP_keyexch_newctx_fn *newctx;
OSSL_OP_keyexch_init_fn *init;
OSSL_OP_keyexch_set_peer_fn *set_peer;
OSSL_OP_keyexch_derive_fn *derive;
OSSL_OP_keyexch_freectx_fn *freectx;
OSSL_OP_keyexch_dupctx_fn *dupctx;
} /* EVP_KEYEXCH */;
int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
int passlen, ASN1_TYPE *param,
const EVP_CIPHER *c, const EVP_MD *md,
@ -114,3 +130,23 @@ int evp_do_ciph_ctx_getparams(const EVP_CIPHER *ciph, void *provctx,
OSSL_PARAM params[]);
int evp_do_ciph_ctx_setparams(const EVP_CIPHER *ciph, void *provctx,
OSSL_PARAM params[]);
OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz);
#define M_check_autoarg(ctx, arg, arglen, err) \
if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \
size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \
\
if (pksize == 0) { \
EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/ \
return 0; \
} \
if (arg == NULL) { \
*arglen = pksize; \
return 1; \
} \
if (*arglen < pksize) { \
EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/ \
return 0; \
} \
}

354
crypto/evp/exchange.c Normal file
View file

@ -0,0 +1,354 @@
/*
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include "internal/refcount.h"
#include "internal/evp_int.h"
#include "internal/provider.h"
#include "evp_locl.h"
static EVP_KEYEXCH *evp_keyexch_new(OSSL_PROVIDER *prov)
{
EVP_KEYEXCH *exchange = OPENSSL_zalloc(sizeof(EVP_KEYEXCH));
exchange->lock = CRYPTO_THREAD_lock_new();
if (exchange->lock == NULL) {
OPENSSL_free(exchange);
return NULL;
}
exchange->prov = prov;
ossl_provider_up_ref(prov);
exchange->refcnt = 1;
return exchange;
}
static void *evp_keyexch_from_dispatch(const OSSL_DISPATCH *fns,
OSSL_PROVIDER *prov)
{
EVP_KEYEXCH *exchange = NULL;
int fncnt = 0;
if ((exchange = evp_keyexch_new(prov)) == NULL)
return NULL;
for (; fns->function_id != 0; fns++) {
switch (fns->function_id) {
case OSSL_FUNC_KEYEXCH_NEWCTX:
if (exchange->newctx != NULL)
break;
exchange->newctx = OSSL_get_OP_keyexch_newctx(fns);
fncnt++;
break;
case OSSL_FUNC_KEYEXCH_INIT:
if (exchange->init != NULL)
break;
exchange->init = OSSL_get_OP_keyexch_init(fns);
fncnt++;
break;
case OSSL_FUNC_KEYEXCH_SET_PEER:
if (exchange->set_peer != NULL)
break;
exchange->set_peer = OSSL_get_OP_keyexch_set_peer(fns);
break;
case OSSL_FUNC_KEYEXCH_DERIVE:
if (exchange->derive != NULL)
break;
exchange->derive = OSSL_get_OP_keyexch_derive(fns);
fncnt++;
break;
case OSSL_FUNC_KEYEXCH_FREECTX:
if (exchange->freectx != NULL)
break;
exchange->freectx = OSSL_get_OP_keyexch_freectx(fns);
fncnt++;
break;
case OSSL_FUNC_KEYEXCH_DUPCTX:
if (exchange->dupctx != NULL)
break;
exchange->dupctx = OSSL_get_OP_keyexch_dupctx(fns);
break;
}
}
if (fncnt != 4) {
/*
* In order to be a consistent set of functions we must have at least
* a complete set of "exchange" functions: init, derive, newctx,
* and freectx. The dupctx and set_peer functions are optional.
*/
EVP_KEYEXCH_free(exchange);
EVPerr(EVP_F_EVP_KEYEXCH_FROM_DISPATCH,
EVP_R_INVALID_PROVIDER_FUNCTIONS);
return NULL;
}
return exchange;
}
void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange)
{
if (exchange != NULL) {
int i;
CRYPTO_DOWN_REF(&exchange->refcnt, &i, exchange->lock);
if (i > 0)
return;
ossl_provider_free(exchange->prov);
CRYPTO_THREAD_lock_free(exchange->lock);
OPENSSL_free(exchange);
}
}
int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange)
{
int ref = 0;
CRYPTO_UP_REF(&exchange->refcnt, &ref, exchange->lock);
return 1;
}
EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm,
const char *properties)
{
return evp_generic_fetch(ctx, OSSL_OP_KEYEXCH, algorithm, properties,
evp_keyexch_from_dispatch,
(int (*)(void *))EVP_KEYEXCH_up_ref,
(void (*)(void *))EVP_KEYEXCH_free);
}
int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, EVP_KEYEXCH *exchange)
{
int ret;
OSSL_PARAM *param = NULL;
size_t paramsz = 0;
ctx->operation = EVP_PKEY_OP_DERIVE;
if (ctx->engine != NULL)
goto legacy;
if (exchange != NULL) {
if (!EVP_KEYEXCH_up_ref(exchange))
goto err;
} else {
int nid = ctx->pkey != NULL ? ctx->pkey->type : ctx->pmeth->pkey_id;
/*
* TODO(3.0): Check for legacy handling. Remove this once all all
* algorithms are moved to providers.
*/
if (ctx->pkey != NULL) {
switch (ctx->pkey->type) {
#if 0
case EVP_PKEY_DH:
break;
#endif
default:
goto legacy;
}
exchange = EVP_KEYEXCH_fetch(NULL, OBJ_nid2sn(nid), NULL);
} else {
goto legacy;
}
if (exchange == NULL) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR);
goto err;
}
}
if (ctx->exchprovctx != NULL && ctx->exchange != NULL)
ctx->exchange->freectx(ctx->exchprovctx);
EVP_KEYEXCH_free(ctx->exchange);
ctx->exchange = exchange;
if (ctx->pkey != NULL) {
param = evp_pkey_to_param(ctx->pkey, &paramsz);
if (param == NULL) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR);
goto err;
}
}
ctx->exchprovctx = exchange->newctx(ossl_provider_ctx(exchange->prov));
if (ctx->exchprovctx == NULL) {
OPENSSL_secure_clear_free(param, paramsz);
EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR);
goto err;
}
ret = exchange->init(ctx->exchprovctx, param);
/*
* TODO(3.0): Really we should detect whether to call OPENSSL_free or
* OPENSSL_secure_clear_free based on the presence of a private key or not.
* Since we always expect a private key to be present we just call
* OPENSSL_secure_clear_free for now.
*/
OPENSSL_secure_clear_free(param, paramsz);
return ret ? 1 : 0;
err:
ctx->operation = EVP_PKEY_OP_UNDEFINED;
return 0;
legacy:
if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX,
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
}
if (ctx->pmeth->derive_init == NULL)
return 1;
ret = ctx->pmeth->derive_init(ctx);
if (ret <= 0)
ctx->operation = EVP_PKEY_OP_UNDEFINED;
return ret;
}
int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
{
return EVP_PKEY_derive_init_ex(ctx, NULL);
}
int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
{
int ret;
OSSL_PARAM *param = NULL;
if (ctx == NULL) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
}
if (ctx->exchprovctx == NULL)
goto legacy;
if (ctx->operation != EVP_PKEY_OP_DERIVE) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
EVP_R_OPERATON_NOT_INITIALIZED);
return -1;
}
if (ctx->exchange->set_peer == NULL) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
}
param = evp_pkey_to_param(peer, NULL);
if (param == NULL) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, ERR_R_INTERNAL_ERROR);
return 0;
}
ret = ctx->exchange->set_peer(ctx->exchprovctx, param);
/*
* TODO(3.0): Really we should detect whether to call OPENSSL_free or
* OPENSSL_secure_clear_free based on the presence of a private key or not.
* Since we always expect a public key to be present we just call
* OPENSSL_free for now.
*/
OPENSSL_free(param);
return ret;
legacy:
if (ctx->pmeth == NULL
|| !(ctx->pmeth->derive != NULL
|| ctx->pmeth->encrypt != NULL
|| ctx->pmeth->decrypt != NULL)
|| ctx->pmeth->ctrl == NULL) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
}
if (ctx->operation != EVP_PKEY_OP_DERIVE
&& ctx->operation != EVP_PKEY_OP_ENCRYPT
&& ctx->operation != EVP_PKEY_OP_DECRYPT) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
EVP_R_OPERATON_NOT_INITIALIZED);
return -1;
}
ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);
if (ret <= 0)
return ret;
if (ret == 2)
return 1;
if (ctx->pkey == NULL) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET);
return -1;
}
if (ctx->pkey->type != peer->type) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_KEY_TYPES);
return -1;
}
/*
* For clarity. The error is if parameters in peer are
* present (!missing) but don't match. EVP_PKEY_cmp_parameters may return
* 1 (match), 0 (don't match) and -2 (comparison is not defined). -1
* (different key types) is impossible here because it is checked earlier.
* -2 is OK for us here, as well as 1, so we can check for 0 only.
*/
if (!EVP_PKEY_missing_parameters(peer) &&
!EVP_PKEY_cmp_parameters(ctx->pkey, peer)) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS);
return -1;
}
EVP_PKEY_free(ctx->peerkey);
ctx->peerkey = peer;
ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
if (ret <= 0) {
ctx->peerkey = NULL;
return ret;
}
EVP_PKEY_up_ref(peer);
return 1;
}
int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
{
int ret;
if (ctx == NULL) {
EVPerr(EVP_F_EVP_PKEY_DERIVE,
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
}
if (ctx->operation != EVP_PKEY_OP_DERIVE) {
EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED);
return -1;
}
if (ctx->exchprovctx == NULL)
goto legacy;
ret = ctx->exchange->derive(ctx->exchprovctx, key, pkeylen, SIZE_MAX);
return ret;
legacy:
if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
EVPerr(EVP_F_EVP_PKEY_DERIVE,
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
}
M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
return ctx->pmeth->derive(ctx, key, pkeylen);
}

116
crypto/evp/pmeth_fn.c
View file

@ -9,28 +9,11 @@
#include <stdio.h>
#include <stdlib.h>
#include "internal/cryptlib.h"
#include <openssl/objects.h>
#include <openssl/evp.h>
#include "internal/cryptlib.h"
#include "internal/evp_int.h"
#define M_check_autoarg(ctx, arg, arglen, err) \
if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \
size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \
\
if (pksize == 0) { \
EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/ \
return 0; \
} \
if (!arg) { \
*arglen = pksize; \
return 1; \
} \
if (*arglen < pksize) { \
EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/ \
return 0; \
} \
}
#include "evp_locl.h"
int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
{
@ -200,98 +183,3 @@ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
}
int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
{
int ret;
if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT,
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
}
ctx->operation = EVP_PKEY_OP_DERIVE;
if (!ctx->pmeth->derive_init)
return 1;
ret = ctx->pmeth->derive_init(ctx);
if (ret <= 0)
ctx->operation = EVP_PKEY_OP_UNDEFINED;
return ret;
}
int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
{
int ret;
if (!ctx || !ctx->pmeth
|| !(ctx->pmeth->derive || ctx->pmeth->encrypt || ctx->pmeth->decrypt)
|| !ctx->pmeth->ctrl) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
}
if (ctx->operation != EVP_PKEY_OP_DERIVE
&& ctx->operation != EVP_PKEY_OP_ENCRYPT
&& ctx->operation != EVP_PKEY_OP_DECRYPT) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
EVP_R_OPERATON_NOT_INITIALIZED);
return -1;
}
ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);
if (ret <= 0)
return ret;
if (ret == 2)
return 1;
if (!ctx->pkey) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET);
return -1;
}
if (ctx->pkey->type != peer->type) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_KEY_TYPES);
return -1;
}
/*
* For clarity. The error is if parameters in peer are
* present (!missing) but don't match. EVP_PKEY_cmp_parameters may return
* 1 (match), 0 (don't match) and -2 (comparison is not defined). -1
* (different key types) is impossible here because it is checked earlier.
* -2 is OK for us here, as well as 1, so we can check for 0 only.
*/
if (!EVP_PKEY_missing_parameters(peer) &&
!EVP_PKEY_cmp_parameters(ctx->pkey, peer)) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS);
return -1;
}
EVP_PKEY_free(ctx->peerkey);
ctx->peerkey = peer;
ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
if (ret <= 0) {
ctx->peerkey = NULL;
return ret;
}
EVP_PKEY_up_ref(peer);
return 1;
}
int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
{
if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {
EVPerr(EVP_F_EVP_PKEY_DERIVE,
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
}
if (ctx->operation != EVP_PKEY_OP_DERIVE) {
EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED);
return -1;
}
M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
return ctx->pmeth->derive(ctx, key, pkeylen);
}

45
crypto/evp/pmeth_lib.c
View file

@ -16,6 +16,7 @@
#include "internal/asn1_int.h"
#include "internal/evp_int.h"
#include "internal/numbers.h"
#include "evp_locl.h"
typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
@ -253,7 +254,9 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e)
EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
{
EVP_PKEY_CTX *rctx;
if (!pctx->pmeth || !pctx->pmeth->copy)
if (((pctx->pmeth == NULL) || (pctx->pmeth->copy == NULL))
&& pctx->exchprovctx == NULL)
return NULL;
#ifndef OPENSSL_NO_ENGINE
/* Make sure it's safe to copy a pkey context using an ENGINE */
@ -262,31 +265,43 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
return 0;
}
#endif
rctx = OPENSSL_malloc(sizeof(*rctx));
rctx = OPENSSL_zalloc(sizeof(*rctx));
if (rctx == NULL) {
EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_MALLOC_FAILURE);
return NULL;
}
if (pctx->pkey != NULL)
EVP_PKEY_up_ref(pctx->pkey);
rctx->pkey = pctx->pkey;
rctx->operation = pctx->operation;
if (pctx->exchprovctx != NULL) {
if (!ossl_assert(pctx->exchange != NULL))
return NULL;
rctx->exchange = pctx->exchange;
if (!EVP_KEYEXCH_up_ref(rctx->exchange)) {
OPENSSL_free(rctx);
return NULL;
}
rctx->exchprovctx = pctx->exchange->dupctx(pctx->exchprovctx);
if (rctx->exchprovctx == NULL) {
EVP_KEYEXCH_free(rctx->exchange);
OPENSSL_free(rctx);
return NULL;
}
return rctx;
}
rctx->pmeth = pctx->pmeth;
#ifndef OPENSSL_NO_ENGINE
rctx->engine = pctx->engine;
#endif
if (pctx->pkey)
EVP_PKEY_up_ref(pctx->pkey);
rctx->pkey = pctx->pkey;
if (pctx->peerkey)
EVP_PKEY_up_ref(pctx->peerkey);
rctx->peerkey = pctx->peerkey;
rctx->data = NULL;
rctx->app_data = NULL;
rctx->operation = pctx->operation;
if (pctx->pmeth->copy(rctx, pctx) > 0)
return rctx;
@ -355,6 +370,12 @@ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx)
return;
if (ctx->pmeth && ctx->pmeth->cleanup)
ctx->pmeth->cleanup(ctx);
if (ctx->exchprovctx != NULL && ctx->exchange != NULL)
ctx->exchange->freectx(ctx->exchprovctx);
EVP_KEYEXCH_free(ctx->exchange);
EVP_PKEY_free(ctx->pkey);
EVP_PKEY_free(ctx->peerkey);
#ifndef OPENSSL_NO_ENGINE

5
crypto/include/internal/evp_int.h
View file

@ -18,6 +18,11 @@
#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400
struct evp_pkey_ctx_st {
EVP_KEYEXCH *exchange;
void *exchprovctx;
/* Legacy fields below */
/* Method associated with this operation */
const EVP_PKEY_METHOD *pmeth;
/* Engine that implements this method or NULL if builtin */

8
crypto/params.c
View file

@ -582,13 +582,6 @@ OSSL_PARAM OSSL_PARAM_construct_size_t(const char *key, size_t *buf)
sizeof(size_t));
}
#ifndef FIPS_MODE
/*
* TODO(3.0): Make this available in FIPS mode.
*
* Temporarily we don't include these functions in FIPS mode to avoid pulling
* in the entire BN sub-library into the module at this point.
*/
int OSSL_PARAM_get_BN(const OSSL_PARAM *p, BIGNUM **val)
{
BIGNUM *b;
@ -632,7 +625,6 @@ OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf,
return ossl_param_construct(key, OSSL_PARAM_UNSIGNED_INTEGER,
buf, bsize);
}
#endif
int OSSL_PARAM_get_double(const OSSL_PARAM *p, double *val)
{

9
include/openssl/core_names.h
View file

@ -56,6 +56,15 @@ extern "C" {
#define OSSL_DIGEST_PARAM_PAD_TYPE "pad_type"
#define OSSL_DIGEST_PARAM_MICALG "micalg"
/* PKEY parameters */
/* Diffie-Hellman Parameters */
#define OSSL_PKEY_PARAM_DH_P "dh-p"
#define OSSL_PKEY_PARAM_DH_G "dh-g"
#define OSSL_PKEY_PARAM_DH_Q "dh-q"
/* Diffie-Hellman Keys */
#define OSSL_PKEY_PARAM_DH_PUB_KEY "dh-pub"
#define OSSL_PKEY_PARAM_DH_PRIV_KEY "dh-priv"
# ifdef __cplusplus
}
# endif

21
include/openssl/core_numbers.h
View file

@ -229,6 +229,27 @@ OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_get_params, (void *cctx,
OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_set_params, (void *cctx,
const OSSL_PARAM params[]))
/* Key Exchange */
# define OSSL_OP_KEYEXCH 3
# define OSSL_FUNC_KEYEXCH_NEWCTX 1
# define OSSL_FUNC_KEYEXCH_INIT 2
# define OSSL_FUNC_KEYEXCH_DERIVE 3
# define OSSL_FUNC_KEYEXCH_SET_PEER 4
# define OSSL_FUNC_KEYEXCH_FREECTX 5
# define OSSL_FUNC_KEYEXCH_DUPCTX 6
OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_newctx, (void *provctx))
OSSL_CORE_MAKE_FUNC(int, OP_keyexch_init, (void *ctx,
OSSL_PARAM params[]))
OSSL_CORE_MAKE_FUNC(int, OP_keyexch_derive, (void *ctx, unsigned char *key,
size_t *keylen, size_t outlen))
OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_peer, (void *ctx,
OSSL_PARAM params[]))
OSSL_CORE_MAKE_FUNC(void, OP_keyexch_freectx, (void *ctx))
OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_dupctx, (void *ctx))
# ifdef __cplusplus
}
# endif

7
include/openssl/evp.h
View file

@ -1477,6 +1477,7 @@ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen);
int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, EVP_KEYEXCH *exchange);
int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
@ -1705,6 +1706,12 @@ void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth,
void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth,
int (**pdigest_custom) (EVP_PKEY_CTX *ctx,
EVP_MD_CTX *mctx));
void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange);
int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange);
EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm,
const char *properties);
void EVP_add_alg_module(void);
/*

2
include/openssl/ossl_typ.h
View file

@ -104,6 +104,8 @@ typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
typedef struct evp_kdf_st EVP_KDF;
typedef struct evp_kdf_ctx_st EVP_KDF_CTX;
typedef struct evp_keyexch_st EVP_KEYEXCH;
typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
typedef struct hmac_ctx_st HMAC_CTX;

4
util/libcrypto.num
View file

@ -4679,3 +4679,7 @@ BN_priv_rand_ex 4784 3_0_0 EXIST::FUNCTION:
BN_rand_range_ex 4785 3_0_0 EXIST::FUNCTION:
BN_priv_rand_range_ex 4786 3_0_0 EXIST::FUNCTION:
BN_generate_prime_ex2 4787 3_0_0 EXIST::FUNCTION:
EVP_PKEY_derive_init_ex 4788 3_0_0 EXIST::FUNCTION:
EVP_KEYEXCH_free 4789 3_0_0 EXIST::FUNCTION:
EVP_KEYEXCH_up_ref 4790 3_0_0 EXIST::FUNCTION:
EVP_KEYEXCH_fetch 4791 3_0_0 EXIST::FUNCTION: