mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-11 14:22:43 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix users of KDFs to use params not ctls

Browse Source 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9662)
This commit is contained in:
Pauli 2019-08-21 08:06:29 +10:00
parent b50ca330cb
commit 7707526b8d
5 changed files with 198 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
crypto/dh/dh_kdf.c
View File

@ -11,10 +11,12 @@
#ifndef OPENSSL_NO_CMS
# include <string.h>
# include <openssl/core_names.h>
# include <openssl/dh.h>
# include <openssl/evp.h>
# include <openssl/asn1.h>
# include <openssl/kdf.h>
# include <internal/provider.h>
int DH_KDF_X9_42(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
@ -23,8 +25,12 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
{
int ret = 0, nid;
EVP_KDF_CTX *kctx = NULL;
const EVP_KDF *kdf = NULL;
EVP_KDF *kdf = NULL;
const char *oid_sn;
OSSL_PARAM params[5], *p = params;
const char *mdname = EVP_MD_name(md);
const OSSL_PROVIDER *prov = EVP_MD_provider(md);
OPENSSL_CTX *provctx = ossl_provider_library_context(prov);
nid = OBJ_obj2nid(key_oid);
if (nid == NID_undef)
@ -33,20 +39,24 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
if (oid_sn == NULL)
return 0;
kdf = EVP_get_kdfbyname(SN_x942kdf);
if (kdf == NULL)
kdf = EVP_KDF_fetch(provctx, SN_x942kdf, NULL);
if ((kctx = EVP_KDF_CTX_new(kdf)) == NULL)
goto err;
kctx = EVP_KDF_CTX_new(kdf);
ret =
kctx != NULL
&& EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, md) > 0
&& EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, Z, Zlen) > 0
&& (ukm == NULL
|| EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_UKM, ukm, ukmlen) > 0)
&& EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_CEK_ALG, oid_sn) > 0
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
(char *)mdname, strlen(mdname) + 1);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
(unsigned char *)Z, Zlen);
if (ukm != NULL)
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM,
(unsigned char *)ukm, ukmlen);
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
(char *)oid_sn, strlen(oid_sn) + 1);
*p = OSSL_PARAM_construct_end();
ret = EVP_KDF_CTX_set_params(kctx, params) > 0
&& EVP_KDF_derive(kctx, out, outlen) > 0;
err:
EVP_KDF_CTX_free(kctx);
EVP_KDF_free(kdf);
return ret;
}
#endif /* OPENSSL_NO_CMS */

28
crypto/ec/ecdh_kdf.c
View File

@ -8,6 +8,7 @@
*/
#include <string.h>
#include <openssl/core_names.h>
#include <openssl/ec.h>
#include <openssl/evp.h>
#include <openssl/kdf.h>
@ -19,18 +20,27 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
const unsigned char *sinfo, size_t sinfolen,
const EVP_MD *md)
{
int ret;
int ret = 0;
EVP_KDF_CTX *kctx = NULL;
OSSL_PARAM params[4], *p = params;
const char *mdname = EVP_MD_name(md);
EVP_KDF *kdf = EVP_KDF_fetch(NULL, SN_x963kdf, NULL);
kctx = EVP_KDF_CTX_new(EVP_get_kdfbyname(SN_x963kdf));
ret =
kctx != NULL
&& EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, md) > 0
&& EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, Z, Zlen) > 0
&& EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SHARED_INFO, sinfo, sinfolen) > 0
&& EVP_KDF_derive(kctx, out, outlen) > 0;
if ((kctx = EVP_KDF_CTX_new(kdf)) != NULL) {
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
(char *)mdname,
strlen(mdname) + 1);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
(void *)Z, Zlen);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
(void *)sinfo, sinfolen);
*p = OSSL_PARAM_construct_end();
EVP_KDF_CTX_free(kctx);
ret = EVP_KDF_CTX_set_params(kctx, params) > 0
&& EVP_KDF_derive(kctx, out, outlen) > 0;
EVP_KDF_CTX_free(kctx);
}
EVP_KDF_free(kdf);
return ret;
}

26
crypto/evp/p5_crpt2.c
View File

@ -15,6 +15,7 @@
#include <openssl/kdf.h>
#include <openssl/hmac.h>
#include <openssl/trace.h>
#include <openssl/core_names.h>
#include "internal/evp_int.h"
#include "evp_locl.h"
@ -23,8 +24,11 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
const EVP_MD *digest, int keylen, unsigned char *out)
{
const char *empty = "";
int rv = 1;
int rv = 1, mode = 1;
EVP_KDF *kdf;
EVP_KDF_CTX *kctx;
const char *mdname = EVP_MD_name(digest);
OSSL_PARAM params[6], *p = params;
/* Keep documented behaviour. */
if (pass == NULL) {
@ -36,15 +40,21 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
if (salt == NULL && saltlen == 0)
salt = (unsigned char *)empty;
kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2);
kdf = EVP_KDF_fetch(NULL, LN_id_pbkdf2, NULL);
kctx = EVP_KDF_CTX_new(kdf);
EVP_KDF_free(kdf);
if (kctx == NULL)
return 0;
if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, pass, (size_t)passlen) != 1
|| EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE, 1) != 1
|| EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
salt, (size_t)saltlen) != 1
|| EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, iter) != 1
|| EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, digest) != 1
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
(char *)pass, (size_t)passlen);
*p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
(unsigned char *)salt, saltlen);
*p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_ITER, &iter);
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
(char *)mdname, strlen(mdname) + 1);
*p = OSSL_PARAM_construct_end();
if (EVP_KDF_CTX_set_params(kctx, params) != 1
|| EVP_KDF_derive(kctx, out, keylen) != 1)
rv = 0;

25
crypto/evp/pbe_scrypt.c
View File

@ -10,6 +10,7 @@
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/kdf.h>
#include <openssl/core_names.h>
#include "internal/numbers.h"
#ifndef OPENSSL_NO_SCRYPT
@ -40,7 +41,9 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
{
const char *empty = "";
int rv = 1;
EVP_KDF *kdf;
EVP_KDF_CTX *kctx;
OSSL_PARAM params[7], *z = params;
if (r > UINT32_MAX || p > UINT32_MAX) {
EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE);
@ -59,17 +62,23 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
if (maxmem == 0)
maxmem = SCRYPT_MAX_MEM;
kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT);
kdf = EVP_KDF_fetch(NULL, SN_id_scrypt, NULL);
kctx = EVP_KDF_CTX_new(kdf);
EVP_KDF_free(kdf);
if (kctx == NULL)
return 0;
if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, pass, (size_t)passlen) != 1
|| EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
salt, (size_t)saltlen) != 1
|| EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N, N) != 1
|| EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R, (uint32_t)r) != 1
|| EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P, (uint32_t)p) != 1
|| EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, maxmem) != 1
*z++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
(unsigned char *)pass,
passlen);
*z++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
(unsigned char *)salt, saltlen);
*z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_N, &N);
*z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_R, &r);
*z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_P, &p);
*z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem);
*z = OSSL_PARAM_construct_end();
if (EVP_KDF_CTX_set_params(kctx, params) != 1
|| EVP_KDF_derive(kctx, key, keylen) != 1)
rv = 0;

180
crypto/evp/pkey_kdf.c
View File

@ -12,130 +12,187 @@
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/kdf.h>
#include <openssl/core.h>
#include <openssl/core_names.h>
#include <openssl/params.h>
#include "internal/numbers.h"
#include "internal/evp_int.h"
#define MAX_PARAM 20
typedef struct {
EVP_KDF_CTX *kctx;
/* TODO(3.0): come up with a better way to do this */
OSSL_PARAM params[MAX_PARAM];
int palloc[MAX_PARAM];
uint64_t uint64s[MAX_PARAM];
int ints[MAX_PARAM];
int pidx;
} EVP_PKEY_KDF_CTX;
static void pkey_kdf_free_param_data(EVP_PKEY_KDF_CTX *pkctx)
{
int i;
for (i = 0; i < pkctx->pidx; i++)
if (pkctx->palloc[i])
OPENSSL_free(pkctx->params[i].data);
pkctx->pidx = 0;
}
static int pkey_kdf_init(EVP_PKEY_CTX *ctx)
{
EVP_PKEY_KDF_CTX *pkctx;
EVP_KDF_CTX *kctx;
const char *kdf_name = OBJ_nid2sn(ctx->pmeth->pkey_id);
EVP_KDF *kdf;
kctx = EVP_KDF_CTX_new_id(ctx->pmeth->pkey_id);
if (kctx == NULL)
pkctx = OPENSSL_zalloc(sizeof(*pkctx));
if (pkctx == NULL)
return 0;
ctx->data = kctx;
kdf = EVP_KDF_fetch(NULL, kdf_name, NULL);
kctx = EVP_KDF_CTX_new(kdf);
EVP_KDF_free(kdf);
if (kctx == NULL) {
OPENSSL_free(pkctx);
return 0;
}
pkctx->kctx = kctx;
ctx->data = pkctx;
return 1;
}
static void pkey_kdf_cleanup(EVP_PKEY_CTX *ctx)
{
EVP_KDF_CTX *kctx = ctx->data;
EVP_PKEY_KDF_CTX *pkctx = ctx->data;
EVP_KDF_CTX_free(kctx);
EVP_KDF_CTX_free(pkctx->kctx);
pkey_kdf_free_param_data(pkctx);
OPENSSL_free(pkctx);
}
static int pkey_kdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
{
EVP_KDF_CTX *kctx = ctx->data;
uint64_t u64_value;
int cmd;
int ret;
EVP_PKEY_KDF_CTX *pkctx = ctx->data;
enum { T_OCTET_STRING, T_UINT64, T_DIGEST, T_INT } cmd;
const char *name, *mdname;
OSSL_PARAM *p = pkctx->params + pkctx->pidx;
switch (type) {
case EVP_PKEY_CTRL_PASS:
cmd = EVP_KDF_CTRL_SET_PASS;
cmd = T_OCTET_STRING;
name = OSSL_KDF_PARAM_PASSWORD;
break;
case EVP_PKEY_CTRL_HKDF_SALT:
case EVP_PKEY_CTRL_SCRYPT_SALT:
cmd = EVP_KDF_CTRL_SET_SALT;
cmd = T_OCTET_STRING;
name = OSSL_KDF_PARAM_SALT;
break;
case EVP_PKEY_CTRL_TLS_MD:
case EVP_PKEY_CTRL_HKDF_MD:
cmd = EVP_KDF_CTRL_SET_MD;
cmd = T_DIGEST;
name = OSSL_KDF_PARAM_DIGEST;
break;
case EVP_PKEY_CTRL_TLS_SECRET:
cmd = EVP_KDF_CTRL_SET_TLS_SECRET;
ret = EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_RESET_TLS_SEED);
if (ret < 1)
return ret;
cmd = T_OCTET_STRING;
name = OSSL_KDF_PARAM_SECRET;
break;
case EVP_PKEY_CTRL_TLS_SEED:
cmd = EVP_KDF_CTRL_ADD_TLS_SEED;
cmd = T_OCTET_STRING;
name = OSSL_KDF_PARAM_SEED;
break;
case EVP_PKEY_CTRL_HKDF_KEY:
cmd = EVP_KDF_CTRL_SET_KEY;
cmd = T_OCTET_STRING;
name = OSSL_KDF_PARAM_KEY;
break;
case EVP_PKEY_CTRL_HKDF_INFO:
cmd = EVP_KDF_CTRL_ADD_HKDF_INFO;
cmd = T_OCTET_STRING;
name = OSSL_KDF_PARAM_INFO;
break;
case EVP_PKEY_CTRL_HKDF_MODE:
cmd = EVP_KDF_CTRL_SET_HKDF_MODE;
cmd = T_INT;
name = OSSL_KDF_PARAM_MODE;
break;
case EVP_PKEY_CTRL_SCRYPT_N:
cmd = EVP_KDF_CTRL_SET_SCRYPT_N;
cmd = T_UINT64;
name = OSSL_KDF_PARAM_SCRYPT_N;
break;
case EVP_PKEY_CTRL_SCRYPT_R:
cmd = EVP_KDF_CTRL_SET_SCRYPT_R;
cmd = T_UINT64; /* Range checking occurs on the provider side */
name = OSSL_KDF_PARAM_SCRYPT_R;
break;
case EVP_PKEY_CTRL_SCRYPT_P:
cmd = EVP_KDF_CTRL_SET_SCRYPT_P;
cmd = T_UINT64; /* Range checking occurs on the provider side */
name = OSSL_KDF_PARAM_SCRYPT_P;
break;
case EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES:
cmd = EVP_KDF_CTRL_SET_MAXMEM_BYTES;
cmd = T_UINT64;
name = OSSL_KDF_PARAM_SCRYPT_MAXMEM;
break;
default:
return -2;
}
switch (cmd) {
case EVP_KDF_CTRL_SET_PASS:
case EVP_KDF_CTRL_SET_SALT:
case EVP_KDF_CTRL_SET_KEY:
case EVP_KDF_CTRL_SET_TLS_SECRET:
case EVP_KDF_CTRL_ADD_TLS_SEED:
case EVP_KDF_CTRL_ADD_HKDF_INFO:
return EVP_KDF_ctrl(kctx, cmd, (const unsigned char *)p2, (size_t)p1);
case T_OCTET_STRING:
*p = OSSL_PARAM_construct_octet_string(name, (unsigned char *)p2,
(size_t)p1);
break;
case EVP_KDF_CTRL_SET_MD:
return EVP_KDF_ctrl(kctx, cmd, (const EVP_MD *)p2);
case T_DIGEST:
mdname = EVP_MD_name((const EVP_MD *)p2);
*p = OSSL_PARAM_construct_utf8_string(name, (char *)mdname,
strlen(mdname) + 1);
break;
case EVP_KDF_CTRL_SET_HKDF_MODE:
return EVP_KDF_ctrl(kctx, cmd, (int)p1);
/*
* These are special because the helper macros pass a pointer to the
* stack, so a local copy is required.
*/
case T_INT:
pkctx->ints[pkctx->pidx] = *(int *)p2;
*p = OSSL_PARAM_construct_int(name, pkctx->ints + pkctx->pidx);
break;
case EVP_KDF_CTRL_SET_SCRYPT_R:
case EVP_KDF_CTRL_SET_SCRYPT_P:
u64_value = *(uint64_t *)p2;
if (u64_value > UINT32_MAX) {
EVPerr(EVP_F_PKEY_KDF_CTRL, EVP_R_PARAMETER_TOO_LARGE);
return 0;
}
return EVP_KDF_ctrl(kctx, cmd, (uint32_t)u64_value);
case EVP_KDF_CTRL_SET_SCRYPT_N:
case EVP_KDF_CTRL_SET_MAXMEM_BYTES:
return EVP_KDF_ctrl(kctx, cmd, *(uint64_t *)p2);
default:
return 0;
case T_UINT64:
pkctx->uint64s[pkctx->pidx] = *(uint64_t *)p2;
*p = OSSL_PARAM_construct_uint64(name, pkctx->uint64s + pkctx->pidx);
break;
}
pkctx->palloc[pkctx->pidx++] = 0;
return 1;
}
static int pkey_kdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
const char *value)
{
EVP_KDF_CTX *kctx = ctx->data;
EVP_PKEY_KDF_CTX *pkctx = ctx->data;
EVP_KDF_CTX *kctx = pkctx->kctx;
const EVP_KDF *kdf = EVP_KDF_CTX_kdf(kctx);
const OSSL_PARAM *defs = EVP_KDF_CTX_settable_params(kdf);
OSSL_PARAM *p = pkctx->params + pkctx->pidx;
/* Deal with ctrl name aliasing */
if (strcmp(type, "md") == 0)
return EVP_KDF_ctrl_str(kctx, "digest", value);
return EVP_KDF_ctrl_str(kctx, type, value);
type = OSSL_KDF_PARAM_DIGEST;
/* scrypt uses 'N', params uses 'n' */
if (strcmp(type, "N") == 0)
type = OSSL_KDF_PARAM_SCRYPT_N;
if (!OSSL_PARAM_allocate_from_text(p, defs, type, value, strlen(value)))
return 0;
pkctx->palloc[pkctx->pidx++] = 1;
return 1;
}
static int pkey_kdf_derive_init(EVP_PKEY_CTX *ctx)
{
EVP_KDF_CTX *kctx = ctx->data;
EVP_PKEY_KDF_CTX *pkctx = ctx->data;
EVP_KDF_reset(kctx);
pkey_kdf_free_param_data(pkctx);
EVP_KDF_reset(pkctx->kctx);
return 1;
}
@ -146,9 +203,18 @@ static int pkey_kdf_derive_init(EVP_PKEY_CTX *ctx)
static int pkey_kdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen)
{
EVP_KDF_CTX *kctx = ctx->data;
EVP_PKEY_KDF_CTX *pkctx = ctx->data;
EVP_KDF_CTX *kctx = pkctx->kctx;
size_t outlen = EVP_KDF_size(kctx);
int r;
if (pkctx->pidx > 0) {
pkctx->params[pkctx->pidx] = OSSL_PARAM_construct_end();
r = EVP_KDF_CTX_set_params(kctx, pkctx->params);
pkey_kdf_free_param_data(pkctx);
if (!r)
return 0;
}
if (outlen == 0 || outlen == SIZE_MAX) {
/* Variable-output algorithm */
if (key == NULL)