mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-04-06 20:20:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add DHX support to keymanager

Browse Source 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12575)
This commit is contained in:
Shane Lontis 2020-08-04 11:15:18 +10:00
parent 36b778fbb7
commit 627c220311
5 changed files with 77 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/openssl/dh.h
View File

@ -40,6 +40,10 @@ extern "C" {
# define DH_FLAG_CACHE_MONT_P 0x01
# define DH_FLAG_TYPE_MASK 0xF000
# define DH_FLAG_TYPE_DH 0x0000
# define DH_FLAG_TYPE_DHX 0x1000
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
/*
* Does nothing. Previously this switched off constant time behaviour.

1
providers/defltprov.c
View File

@ -374,6 +374,7 @@ static const OSSL_ALGORITHM deflt_asym_cipher[] = {
static const OSSL_ALGORITHM deflt_keymgmt[] = {
#ifndef OPENSSL_NO_DH
{ "DH:dhKeyAgreement", "provider=default", dh_keymgmt_functions },
{ "DHX:X9.42 DH:dhpublicnumber", "provider=default", dhx_keymgmt_functions },
#endif
#ifndef OPENSSL_NO_DSA
{ "DSA:dsaEncryption", "provider=default", dsa_keymgmt_functions },

1
providers/fips/fipsprov.c
View File

@ -447,6 +447,7 @@ static const OSSL_ALGORITHM fips_asym_cipher[] = {
static const OSSL_ALGORITHM fips_keymgmt[] = {
#ifndef OPENSSL_NO_DH
{ "DH:dhKeyAgreement", FIPS_DEFAULT_PROPERTIES, dh_keymgmt_functions },
{ "DHX:X9.42 DH:dhpublicnumber", FIPS_DEFAULT_PROPERTIES, dhx_keymgmt_functions },
#endif
#ifndef OPENSSL_NO_DSA
{ "DSA", FIPS_DEFAULT_PROPERTIES, dsa_keymgmt_functions },

1
providers/implementations/include/prov/implementations.h
View File

@ -267,6 +267,7 @@ extern const OSSL_DISPATCH crngt_functions[];
/* Key management */
extern const OSSL_DISPATCH dh_keymgmt_functions[];
extern const OSSL_DISPATCH dhx_keymgmt_functions[];
extern const OSSL_DISPATCH dsa_keymgmt_functions[];
extern const OSSL_DISPATCH rsa_keymgmt_functions[];
extern const OSSL_DISPATCH rsapss_keymgmt_functions[];

72
providers/implementations/keymgmt/dh_kmgmt.c
View File

@ -29,6 +29,7 @@
static OSSL_FUNC_keymgmt_new_fn dh_newdata;
static OSSL_FUNC_keymgmt_free_fn dh_freedata;
static OSSL_FUNC_keymgmt_gen_init_fn dh_gen_init;
static OSSL_FUNC_keymgmt_gen_init_fn dhx_gen_init;
static OSSL_FUNC_keymgmt_gen_set_template_fn dh_gen_set_template;
static OSSL_FUNC_keymgmt_gen_set_params_fn dh_gen_set_params;
static OSSL_FUNC_keymgmt_gen_settable_params_fn dh_gen_settable_params;
@ -73,6 +74,7 @@ struct dh_gen_ctx {
const char *mdprops;
OSSL_CALLBACK *cb;
void *cbarg;
int dh_type;
};
typedef struct dh_name2id_st{
@ -131,7 +133,26 @@ static int dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
static void *dh_newdata(void *provctx)
{
return dh_new_with_libctx(PROV_LIBRARY_CONTEXT_OF(provctx));
DH *dh = NULL;
dh = dh_new_with_libctx(PROV_LIBRARY_CONTEXT_OF(provctx));
if (dh != NULL) {
DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
DH_set_flags(dh, DH_FLAG_TYPE_DH);
}
return dh;
}
static void *dhx_newdata(void *provctx)
{
DH *dh = NULL;
dh = dh_new_with_libctx(PROV_LIBRARY_CONTEXT_OF(provctx));
if (dh != NULL) {
DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
DH_set_flags(dh, DH_FLAG_TYPE_DHX);
}
return dh;
}
static void dh_freedata(void *keydata)
@ -399,7 +420,7 @@ static int dh_validate(void *keydata, int selection)
return ok;
}
static void *dh_gen_init(void *provctx, int selection)
static void *dh_gen_init_base(void *provctx, int selection, int type)
{
OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
struct dh_gen_ctx *gctx = NULL;
@ -419,10 +440,21 @@ static void *dh_gen_init(void *provctx, int selection)
gctx->hindex = 0;
gctx->pcounter = -1;
gctx->generator = DH_GENERATOR_2;
gctx->dh_type = type;
}
return gctx;
}
static void *dh_gen_init(void *provctx, int selection)
{
return dh_gen_init_base(provctx, selection, DH_FLAG_TYPE_DH);
}
static void *dhx_gen_init(void *provctx, int selection)
{
return dh_gen_init_base(provctx, selection, DH_FLAG_TYPE_DHX);
}
static int dh_gen_set_template(void *genctx, void *templ)
{
struct dh_gen_ctx *gctx = genctx;
@ -624,6 +656,9 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
if (DH_generate_key(dh) <= 0)
goto end;
}
DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
DH_set_flags(dh, gctx->dh_type);
ret = 1;
end:
if (ret <= 0) {
@ -683,3 +718,36 @@ const OSSL_DISPATCH dh_keymgmt_functions[] = {
{ OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))dh_export_types },
{ 0, NULL }
};
/* For any DH key, we use the "DH" algorithms regardless of sub-type. */
static const char *dhx_query_operation_name(int operation_id)
{
return "DH";
}
const OSSL_DISPATCH dhx_keymgmt_functions[] = {
{ OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dhx_newdata },
{ OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))dhx_gen_init },
{ OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE, (void (*)(void))dh_gen_set_template },
{ OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))dh_gen_set_params },
{ OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
(void (*)(void))dh_gen_settable_params },
{ OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))dh_gen },
{ OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))dh_gen_cleanup },
{ OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))dh_load },
{ OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dh_freedata },
{ OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dh_get_params },
{ OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))dh_gettable_params },
{ OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))dh_set_params },
{ OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))dh_settable_params },
{ OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dh_has },
{ OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))dh_match },
{ OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))dh_validate },
{ OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))dh_import },
{ OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))dh_import_types },
{ OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dh_export },
{ OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))dh_export_types },
{ OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME,
(void (*)(void))dhx_query_operation_name },
{ 0, NULL }
};