summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--crypto/ec/build.info4
-rw-r--r--crypto/ec/ec_ameth.c132
-rw-r--r--crypto/ec/ec_asn1.c5
-rw-r--r--crypto/ec/ec_evp_lib.c422
-rw-r--r--crypto/ec/ec_key.c49
-rw-r--r--crypto/ec/ec_local.h3
-rw-r--r--crypto/evp/evp_local.h4
-rw-r--r--crypto/evp/exchange.c26
-rw-r--r--crypto/evp/keymgmt_meth.c37
-rw-r--r--crypto/evp/pmeth_lib.c165
-rw-r--r--include/crypto/evp.h19
-rw-r--r--include/openssl/core_names.h30
-rw-r--r--include/openssl/core_numbers.h12
-rw-r--r--include/openssl/ec.h56
-rw-r--r--providers/defltprov.c2
-rw-r--r--providers/implementations/exchange/build.info2
-rw-r--r--providers/implementations/exchange/ecdh_exch.c533
-rw-r--r--providers/implementations/include/prov/implementations.h2
-rw-r--r--providers/implementations/keymgmt/build.info4
-rw-r--r--providers/implementations/keymgmt/ec_kmgmt.c630
-rw-r--r--providers/implementations/keymgmt/ec_kmgmt_imexport.inc100
-rw-r--r--util/libcrypto.num10
22 files changed, 2150 insertions, 97 deletions
diff --git a/crypto/ec/build.info b/crypto/ec/build.info
index a8828c5102..0e01d4af38 100644
--- a/crypto/ec/build.info
+++ b/crypto/ec/build.info
@@ -43,8 +43,6 @@ IF[{- !$disabled{asm} -}]
ENDIF
ENDIF
-LIBS=../../libcrypto
-
$COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
ec_curve.c ec_check.c ec_print.c ec_key.c ec_asn1.c \
ec2_smpl.c \
@@ -55,7 +53,7 @@ $COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \
$ECASM
SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c ecx_key.c \
- ec_err.c ecdh_kdf.c eck_prn.c
+ ec_err.c ecdh_kdf.c eck_prn.c ec_evp_lib.c
SOURCE[../../providers/libfips.a]=$COMMON
# Implementations are now spread across several libraries, so the defines
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 602ff7c557..c4e8177c28 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -22,6 +22,8 @@
#include <openssl/asn1t.h>
#include "crypto/asn1.h"
#include "crypto/evp.h"
+#include <openssl/core_names.h>
+#include "internal/param_build.h"
#include "ec_local.h"
#ifndef OPENSSL_NO_CMS
@@ -574,6 +576,126 @@ static int ec_pkey_param_check(const EVP_PKEY *pkey)
return EC_GROUP_check(eckey->group, NULL);
}
+static
+size_t ec_pkey_dirty_cnt(const EVP_PKEY *pkey)
+{
+ return pkey->pkey.ec->dirty_cnt;
+}
+
+static ossl_inline
+int ecparams_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl)
+{
+ const EC_GROUP *ecg;
+ int curve_nid;
+
+ if (eckey == NULL)
+ return 0;
+
+ ecg = EC_KEY_get0_group(eckey);
+ if (ecg == NULL)
+ return 0;
+
+ curve_nid = EC_GROUP_get_curve_name(ecg);
+
+ if (curve_nid == NID_undef) {
+ /* explicit parameters */
+
+ /*
+ * TODO(3.0): should we support explicit parameters curves?
+ */
+ return 0;
+ } else {
+ /* named curve */
+ const char *curve_name = NULL;
+
+ if ((curve_name = OBJ_nid2sn(curve_nid)) == NULL)
+ return 0;
+
+ if (!ossl_param_bld_push_utf8_string(tmpl, OSSL_PKEY_PARAM_EC_NAME, curve_name, 0))
+ return 0;
+ }
+
+ return 1;
+}
+
+static
+int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
+ EVP_KEYMGMT *to_keymgmt)
+{
+ const EC_KEY *eckey = NULL;
+ const EC_GROUP *ecg = NULL;
+ unsigned char *pub_key_buf = NULL;
+ size_t pub_key_buflen;
+ OSSL_PARAM_BLD tmpl;
+ OSSL_PARAM *params = NULL;
+ const BIGNUM *priv_key = NULL;
+ const EC_POINT *pub_point = NULL;
+ int rv = 0;
+
+ if (from == NULL
+ || (eckey = from->pkey.ec) == NULL
+ || (ecg = EC_KEY_get0_group(eckey)) == NULL)
+ return 0;
+
+ ossl_param_bld_init(&tmpl);
+
+ /* export the domain parameters */
+ if (!ecparams_to_params(eckey, &tmpl))
+ return 0;
+
+ priv_key = EC_KEY_get0_private_key(eckey);
+ pub_point = EC_KEY_get0_public_key(eckey);
+
+ /* public_key must be present, priv_key is optional */
+ if (pub_point == NULL)
+ return 0;
+
+ /* convert pub_point to a octet string according to the SECG standard */
+ if ((pub_key_buflen = EC_POINT_point2buf(ecg, pub_point,
+ POINT_CONVERSION_COMPRESSED,
+ &pub_key_buf, NULL)) == 0)
+ return 0;
+
+ if (!ossl_param_bld_push_octet_string(&tmpl,
+ OSSL_PKEY_PARAM_PUB_KEY,
+ pub_key_buf,
+ pub_key_buflen))
+ goto err;
+
+ if (priv_key != NULL) {
+ /*
+ * The ECDH Cofactor Mode is defined only if the EC_KEY actually
+ * contains a private key, so we check for the flag and export it only
+ * in this case.
+ */
+ int ecdh_cofactor_mode =
+ (EC_KEY_get_flags(eckey) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0;
+
+ /* Export the actual private key */
+ if (!ossl_param_bld_push_BN(&tmpl,
+ OSSL_PKEY_PARAM_PRIV_KEY,
+ priv_key))
+ goto err;
+
+ /* Export the ECDH_COFACTOR_MODE parameter */
+ if (!ossl_param_bld_push_int(&tmpl,
+ OSSL_PKEY_PARAM_USE_COFACTOR_ECDH,
+ ecdh_cofactor_mode))
+ goto err;
+ }
+
+ params = ossl_param_bld_to_param(&tmpl);
+
+ /* We export, the provider imports */
+ rv = evp_keymgmt_import(to_keymgmt, to_keydata, OSSL_KEYMGMT_SELECT_ALL,
+ params);
+
+ err:
+ ossl_param_bld_free(params);
+ OPENSSL_free(pub_key_buf);
+ return rv;
+}
+
const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
EVP_PKEY_EC,
EVP_PKEY_EC,
@@ -611,7 +733,15 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
ec_pkey_check,
ec_pkey_public_check,
- ec_pkey_param_check
+ ec_pkey_param_check,
+
+ 0, /* set_priv_key */
+ 0, /* set_pub_key */
+ 0, /* get_priv_key */
+ 0, /* get_pub_key */
+
+ ec_pkey_dirty_cnt,
+ ec_pkey_export_to
};
#if !defined(OPENSSL_NO_SM2)
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index f61d8860a4..4f7a76a1a4 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -1051,6 +1051,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
*a = ret;
EC_PRIVATEKEY_free(priv_key);
*in = p;
+ ret->dirty_cnt++;
return ret;
err:
@@ -1162,8 +1163,11 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
if (a == NULL || *a != ret)
EC_KEY_free(ret);
+ else
+ ret->dirty_cnt++;
return NULL;
}
+ ret->dirty_cnt++;
if (a)
*a = ret;
@@ -1183,6 +1187,7 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len)
return 0;
}
ret = *a;
+ /* EC_KEY_opt2key updates dirty_cnt */
if (!EC_KEY_oct2key(ret, *in, len, NULL)) {
ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB);
return 0;
diff --git a/crypto/ec/ec_evp_lib.c b/crypto/ec/ec_evp_lib.c
new file mode 100644
index 0000000000..e4d7815993
--- /dev/null
+++ b/crypto/ec/ec_evp_lib.c
@@ -0,0 +1,422 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/opensslv.h>
+
+#include <openssl/core_names.h>
+#include "crypto/evp.h"
+
+#include "ec_local.h"
+
+/*
+ * This file is meant to contain functions to provide EVP_PKEY support for EC
+ * keys.
+ */
+
+static ossl_inline
+int evp_pkey_ctx_getset_ecdh_param_checks(const EVP_PKEY_CTX *ctx)
+{
+ if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+
+ /* If key type not EC return error */
+ if (ctx->pmeth != NULL && ctx->pmeth->pkey_id != EVP_PKEY_EC)
+ return -1;
+
+ return 1;
+}
+
+int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+
+ ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
+ if (ret != 1)
+ return ret;
+
+ /*
+ * Valid input values are:
+ * * 0 for disable
+ * * 1 for enable
+ * * -1 for reset to default for associated priv key
+ */
+ if (cofactor_mode < -1 || cofactor_mode > 1) {
+ /* Uses the same return value of pkey_ec_ctrl() */
+ return -2;
+ }
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_EC_ECDH_COFACTOR,
+ cofactor_mode, NULL);
+
+ *p++ = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE,
+ &cofactor_mode);
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_set_params_strict(ctx, params);
+ if (ret == -2) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+
+ return ret;
+}
+
+int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx)
+{
+ int ret, mode;
+ OSSL_PARAM params[2], *p = params;
+
+ ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
+ if (ret != 1)
+ return ret;
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL);
+
+ *p++ = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE,
+ &mode);
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_get_params_strict(ctx, params);
+ if (ret == -2) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ } else if (ret != 1) {
+ return -1;
+ }
+
+ if (mode < 0 || mode > 1) {
+ /*
+ * The provider should return either 0 or 1, any other value is a
+ * provider error.
+ */
+ return -1;
+ }
+
+ return mode;
+}
+
+int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf)
+{
+ int ret;
+ const char *kdf_type;
+ OSSL_PARAM params[2], *p = params;
+
+ ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
+ if (ret != 1)
+ return ret;
+
+ switch (kdf) {
+ case EVP_PKEY_ECDH_KDF_NONE:
+ kdf_type = "";
+ break;
+ case EVP_PKEY_ECDH_KDF_X9_63:
+ kdf_type = OSSL_KDF_NAME_X963KDF;
+ break;
+ default:
+ return -2;
+ }
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL);
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE,
+ /*
+ * Cast away the const. This is read
+ * only so should be safe
+ */
+ (char *)kdf_type, 0);
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_set_params_strict(ctx, params);
+ if (ret == -2) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+
+ return ret;
+}
+
+int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx)
+{
+ int ret;
+ /* 80 should be big enough */
+ char kdf_type[80];
+ OSSL_PARAM params[2], *p = params;
+
+ ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
+ if (ret != 1)
+ return ret;
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL);
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE,
+ kdf_type, sizeof(kdf_type));
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_get_params_strict(ctx, params);
+ if (ret == -2) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ } else if (ret != 1) {
+ return -1;
+ }
+
+ if (kdf_type[0] == '\0')
+ return EVP_PKEY_ECDH_KDF_NONE;
+ else if (strcmp(kdf_type, OSSL_KDF_NAME_X963KDF) == 0)
+ return EVP_PKEY_ECDH_KDF_X9_63;
+
+ return -1;
+}
+
+int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+ const char *md_name = NULL;
+
+ ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
+ if (ret != 1)
+ return ret;
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md));
+
+ md_name = (md == NULL) ? "" : EVP_MD_name(md);
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST,
+ /*
+ * Cast away the const. This is read
+ * only so should be safe
+ */
+ (char *)md_name, 0);
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_set_params_strict(ctx, params);
+ if (ret == -2) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+ return ret;
+}
+
+int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd)
+{
+ /* 80 should be big enough */
+ char name[80] = "";
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+
+ ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
+ if (ret != 1)
+ return ret;
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd));
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST,
+ name, sizeof(name));
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_get_params_strict(ctx, params);
+ if (ret == -2) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ } else if (ret != 1) {
+ return -1;
+ }
+
+ /* May be NULL meaning "unknown" */
+ *pmd = EVP_get_digestbyname(name);
+
+ return 1;
+}
+
+int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int in)
+{
+ int ret;
+ size_t len = in;
+ OSSL_PARAM params[2], *p = params;
+
+ ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
+ if (ret != 1)
+ return ret;
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_EC_KDF_OUTLEN, in, NULL);
+
+ if (in <= 0) {
+ /*
+ * This would ideally be -1 or 0, but we have to retain compatibility
+ * with legacy behaviour of EVP_PKEY_CTX_ctrl() which returned -2 if
+ * in <= 0
+ */
+ return -2;
+ }
+
+ *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
+ &len);
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_set_params_strict(ctx, params);
+ if (ret == -2) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+ return ret;
+}
+
+int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *plen)
+{
+ size_t len = UINT_MAX;
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+
+ ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
+ if (ret != 1)
+ return ret;
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0,
+ (void *)(plen));
+
+ *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
+ &len);
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_get_params_strict(ctx, params);
+ if (ret == -2) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ } else if (ret != 1) {
+ return -1;
+ }
+
+ if (len > INT_MAX)
+ return -1;
+
+ *plen = (int)len;
+
+ return 1;
+}
+
+int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+
+ ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
+ if (ret != 1)
+ return ret;
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_EC_KDF_UKM, len, (void *)(ukm));
+
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM,
+ /*
+ * Cast away the const. This is read
+ * only so should be safe
+ */
+ (void *)ukm,
+ (size_t)len);
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_set_params_strict(ctx, params);
+ if (ret == -2) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+ if (ret == 1)
+ OPENSSL_free(ukm);
+ return ret;
+}
+
+int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **pukm)
+{
+ size_t ukmlen;
+ int ret;
+ OSSL_PARAM params[3], *p = params;
+
+ ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
+ if (ret != 1)
+ return ret;
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0,
+ (void *)(pukm));
+
+ *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_EXCHANGE_PARAM_KDF_UKM,
+ (void **)pukm, 0);
+ *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_UKM_LEN,
+ &ukmlen);
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_get_params_strict(ctx, params);
+ if (ret == -2) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ } else if (ret != 1) {
+ return -1;
+ }
+
+ if (ukmlen > INT_MAX)
+ return -1;
+
+ return (int)ukmlen;
+}
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index a0cd5b9bda..071801b635 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -169,6 +169,8 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
if (src->meth->copy != NULL && src->meth->copy(dest, src) == 0)
return NULL;
+ dest->dirty_cnt++;
+
return dest;
}
@@ -209,15 +211,28 @@ int EC_KEY_generate_key(EC_KEY *eckey)
ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- if (eckey->meth->keygen != NULL)
- return eckey->meth->keygen(eckey);
+ if (eckey->meth->keygen != NULL) {
+ int ret;
+
+ ret = eckey->meth->keygen(eckey);
+ if (ret == 1)
+ eckey->dirty_cnt++;
+
+ return ret;
+ }
ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
return 0;
}
int ossl_ec_key_gen(EC_KEY *eckey)
{
- return eckey->group->meth->keygen(eckey);
+ int ret;
+
+ ret = eckey->group->meth->keygen(eckey);
+
+ if (ret == 1)
+ eckey->dirty_cnt++;
+ return ret;
}
/*
@@ -287,6 +302,8 @@ int ec_key_simple_generate_key(EC_KEY *eckey)
priv_key = NULL;
pub_key = NULL;
+ eckey->dirty_cnt++;
+
ok = 1;
err:
@@ -305,12 +322,19 @@ err:
int ec_key_simple_generate_public_key(EC_KEY *eckey)
{
+ int ret;
+
/*
* See SP800-56AR3 5.6.1.2.2: Step (8)
* pub_key = priv_key * G (where G is a point on the curve)
*/
- return EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL,
- NULL, NULL);
+ ret = EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL,
+ NULL, NULL);
+
+ if (ret == 1)
+ eckey->dirty_cnt++;
+
+ return ret;
}
int EC_KEY_check_key(const EC_KEY *eckey)
@@ -505,6 +529,7 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
goto err;
}
+ /* EC_KEY_set_public_key updates dirty_cnt */
if (!EC_KEY_set_public_key(key, point))
goto err;
@@ -532,6 +557,7 @@ int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
return 0;
EC_GROUP_free(key->group);
key->group = EC_GROUP_dup(group);
+ key->dirty_cnt++;
return (key->group == NULL) ? 0 : 1;
}
@@ -552,6 +578,7 @@ int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
return 0;
BN_clear_free(key->priv_key);
key->priv_key = BN_dup(priv_key);
+ key->dirty_cnt++;
return (key->priv_key == NULL) ? 0 : 1;
}
@@ -567,6 +594,7 @@ int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key)
return 0;
EC_POINT_free(key->pub_key);
key->pub_key = EC_POINT_dup(pub_key, key->group);
+ key->dirty_cnt++;
return (key->pub_key == NULL) ? 0 : 1;
}
@@ -613,11 +641,13 @@ int EC_KEY_get_flags(const EC_KEY *key)
void EC_KEY_set_flags(EC_KEY *key, int flags)
{
key->flags |= flags;
+ key->dirty_cnt++;
}
void EC_KEY_clear_flags(EC_KEY *key, int flags)
{
key->flags &= ~flags;
+ key->dirty_cnt++;
}
size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
@@ -639,6 +669,7 @@ int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len,
return 0;
if (EC_POINT_oct2point(key->group, key->pub_key, buf, len, ctx) == 0)
return 0;
+ key->dirty_cnt++;
/*
* Save the point conversion form.
* For non-custom curves the first octet of the buffer (excluding
@@ -689,13 +720,18 @@ size_t ec_key_simple_priv2oct(const EC_KEY *eckey,
int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
{
+ int ret;
+
if (eckey->group == NULL || eckey->group->meth == NULL)
return 0;
if (eckey->group->meth->oct2priv == NULL) {
ECerr(EC_F_EC_KEY_OCT2PRIV, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
- return eckey->group->meth->oct2priv(eckey, buf, len);
+ ret = eckey->group->meth->oct2priv(eckey, buf, len);
+ if (ret == 1)
+ eckey->dirty_cnt++;
+ return ret;
}
int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
@@ -711,6 +747,7 @@ int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_BN_LIB);
return 0;
}
+ eckey->dirty_cnt++;
return 1;
}
diff --git a/crypto/ec/ec_local.h b/crypto/ec/ec_local.h
index c0eacc9ce5..dacb2ca0af 100644
--- a/crypto/ec/ec_local.h
+++ b/crypto/ec/ec_local.h
@@ -301,6 +301,9 @@ struct ec_key_st {
#endif
CRYPTO_RWLOCK *lock;
OPENSSL_CTX *libctx;
+
+ /* Provider data */
+ size_t dirty_cnt; /* If any key material changes, increment this */
};
struct ec_point_st {
diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h
index 95dd1c036e..ca1239dfdd 100644
--- a/crypto/evp/evp_local.h
+++ b/crypto/evp/evp_local.h
@@ -78,6 +78,8 @@ struct evp_keymgmt_st {
OSSL_OP_keymgmt_free_fn *free;
OSSL_OP_keymgmt_get_params_fn *get_params;
OSSL_OP_keymgmt_gettable_params_fn *gettable_params;
+ OSSL_OP_keymgmt_set_params_fn *set_params;
+ OSSL_OP_keymgmt_settable_params_fn *settable_params;
/* Key object checking */
OSSL_OP_keymgmt_query_operation_name_fn *query_operation_name;
@@ -105,6 +107,8 @@ struct evp_keyexch_st {
OSSL_OP_keyexch_dupctx_fn *dupctx;
OSSL_OP_keyexch_set_ctx_params_fn *set_ctx_params;
OSSL_OP_keyexch_settable_ctx_params_fn *settable_ctx_params;
+ OSSL_OP_keyexch_get_ctx_params_fn *get_ctx_params;
+ OSSL_OP_keyexch_gettable_ctx_params_fn *gettable_ctx_params;
} /* EVP_KEYEXCH */;
struct evp_signature_st {
diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c
index 14ed4dbe8e..901081d062 100644
--- a/crypto/evp/exchange.c
+++ b/crypto/evp/exchange.c
@@ -43,7 +43,7 @@ static void *evp_keyexch_from_dispatch(int name_id,
OSSL_PROVIDER *prov)
{
EVP_KEYEXCH *exchange = NULL;
- int fncnt = 0, paramfncnt = 0;
+ int fncnt = 0, sparamfncnt = 0, gparamfncnt = 0;
if ((exchange = evp_keyexch_new(prov)) == NULL) {
ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
@@ -88,28 +88,44 @@ static void *evp_keyexch_from_dispatch(int name_id,
break;
exchange->dupctx = OSSL_get_OP_keyexch_dupctx(fns);
break;
+ case OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS:
+ if (exchange->get_ctx_params != NULL)
+ break;
+ exchange->get_ctx_params = OSSL_get_OP_keyexch_get_ctx_params(fns);
+ gparamfncnt++;
+ break;
+ case OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS:
+ if (exchange->gettable_ctx_params != NULL)
+ break;
+ exchange->gettable_ctx_params
+ = OSSL_get_OP_keyexch_gettable_ctx_params(fns);
+ gparamfncnt++;
+ break;
case OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS:
if (exchange->set_ctx_params != NULL)
break;
exchange->set_ctx_params = OSSL_get_OP_keyexch_set_ctx_params(fns);
- paramfncnt++;
+ sparamfncnt++;
break;
case OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS:
if (exchange->settable_ctx_params != NULL)
break;
exchange->settable_ctx_params
= OSSL_get_OP_keyexch_settable_ctx_params(fns);
- paramfncnt++;
+ sparamfncnt++;
break;
}
}
- if (fncnt != 4 || (paramfncnt != 0 && paramfncnt != 2)) {
+ if (fncnt != 4
+ || (gparamfncnt != 0 && gparamfncnt != 2)
+ || (sparamfncnt != 0 && sparamfncnt != 2)) {
/*
* In order to be a consistent set of functions we must have at least
* a complete set of "exchange" functions: init, derive, newctx,
* and freectx. The set_ctx_params and settable_ctx_params functions are
* optional, but if one of them is present then the other one must also
- * be present. The dupctx and set_peer functions are optional.
+ * be present. Same goes for get_ctx_params and gettable_ctx_params.
+ * The dupctx and set_peer functions are optional.
*/
EVPerr(EVP_F_EVP_KEYEXCH_FROM_DISPATCH,
EVP_R_INVALID_PROVIDER_FUNCTIONS);
diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c
index b2395815c8..3fcc073a5a 100644
--- a/crypto/evp/keymgmt_meth.c
+++ b/crypto/evp/keymgmt_meth.c
@@ -38,7 +38,7 @@ static void *keymgmt_from_dispatch(int name_id,
OSSL_PROVIDER *prov)
{
EVP_KEYMGMT *keymgmt = NULL;
- int paramfncnt = 0, importfncnt = 0, exportfncnt = 0;
+ int setparamfncnt = 0, getparamfncnt = 0, importfncnt = 0, exportfncnt = 0;
if ((keymgmt = keymgmt_new()) == NUL