73 files changed, 14170 insertions, 13956 deletions
diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index 7eeeedc0e9..0758d9be4a 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -216,7 +216,8 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
 goto err;
 /* Do KDF stuff */
 if (!ecdh_KDF_X9_63(key, *keylen, ktmp, ktmplen,
- dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
+ dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md,
+ ctx->libctx, ctx->propquery))
 goto err;
 rv = 1;
diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c
index fb501c6ada..7695e0be18 100644
--- a/crypto/ec/ecdh_kdf.c
+++ b/crypto/ec/ecdh_kdf.c
@@ -24,13 +24,14 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, const unsigned char *sinfo, size_t sinfolen,
- const EVP_MD *md)
+ const EVP_MD *md,
+ OPENSSL_CTX *libctx, const char *propq)
 {
 int ret = 0;
 EVP_KDF_CTX *kctx = NULL;
 OSSL_PARAM params[4], *p = params;
 const char *mdname = EVP_MD_name(md);
- EVP_KDF *kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_X963KDF, NULL);
+ EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_X963KDF, propq);
 if ((kctx = EVP_KDF_CTX_new(kdf)) != NULL) {
 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
@@ -59,6 +60,6 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, const unsigned char *sinfo, size_t sinfolen, const EVP_MD *md)
 {
- return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md);
+ return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md, NULL, NULL);
 }
 #endif
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index 6e89ffd999..7b8f99d511 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
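Review bot: In crypto/ec/ecdh_kdf.c the result of `EVP_KDF_fetch(libctx, OSSL_KDF_NAME_X963KDF, propq)` is handed straight to `EVP_KDF_CTX_new(kdf)` with no check of its own, so in the lines shown a fetch that misses because of the caller's library context or property query cannot be told apart from an allocation failure. Now that both values come from the caller, a miss is a realistic outcome; an explicit `if (kdf == NULL)` branch that raises an error before the context is created would make it diagnosable. The body of ecdh_KDF_X9_63() continues past the hunk, so any handling further down is not visible here. A short comment on the new parameters, for example `/* libctx and propq may be NULL, as passed by ECDH_KDF_X9_62() */`, would also help the next caller.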
@@ -19,9 +19,11 @@
 #include "crypto/evp.h"
 #include "evp_local.h"
-int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
- const unsigned char *salt, int saltlen, int iter,
- const EVP_MD *digest, int keylen, unsigned char *out)
+int pkcs5_pbkdf2_hmac_with_libctx(const char *pass, int passlen,
+ const unsigned char *salt, int saltlen,
+ int iter, const EVP_MD *digest, int keylen,
+ unsigned char *out,
+ OPENSSL_CTX *libctx, const char *propq)
 {
 const char *empty = "";
 int rv = 1, mode = 1;
@@ -40,7 +42,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
 if (salt == NULL && saltlen == 0)
 salt = (unsigned char *)empty;
- kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL);
+ kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, propq);
 kctx = EVP_KDF_CTX_new(kdf);
 EVP_KDF_free(kdf);
 if (kctx == NULL)
@@ -78,6 +80,15 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
 return rv;
 }
+int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt,
+ int saltlen, int iter, const EVP_MD *digest, int keylen,
+ unsigned char *out)
+{
+ return pkcs5_pbkdf2_hmac_with_libctx(pass, passlen, salt, saltlen, iter,
+ digest, keylen, out, NULL, NULL);
+}
+
+
 int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, int keylen, unsigned char *out)
diff --git a/crypto/evp/pbe_scrypt.c b/crypto/evp/pbe_scrypt.c
index fa7b1de17c..97997377e1 100644
--- a/crypto/evp/pbe_scrypt.c
+++ b/crypto/evp/pbe_scrypt.c
@@ -46,7 +46,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
 OSSL_PARAM params[7], *z = params;
 if (r > UINT32_MAX || p > UINT32_MAX) {
- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE);
+ EVPerr(0, EVP_R_PARAMETER_TOO_LARGE);
 return 0;
 }
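Review bot: pkcs5_pbkdf2_hmac_with_libctx() in crypto/evp/p5_crpt2.c is introduced without a comment, although the public PKCS5_PBKDF2_HMAC() wrapper now depends on what NULL means for its last two arguments. I would put `/* As PKCS5_PBKDF2_HMAC(), but fetches PBKDF2 from libctx using propq; both may be NULL */` above the definition and repeat it at the prototype added to include/crypto/evp.h. One of the two blank lines added after the wrapper can also go.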
@@ -62,6 +62,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
 if (maxmem == 0)
 maxmem = SCRYPT_MAX_MEM;
+ /* Use OPENSSL_CTX_set0_default() if you need a library context */
 kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_SCRYPT, NULL);
 kctx = EVP_KDF_CTX_new(kdf);
 EVP_KDF_free(kdf);
diff --git a/crypto/evp/pkey_kdf.c b/crypto/evp/pkey_kdf.c
index ac4a0fa461..a2d25a925f 100644
--- a/crypto/evp/pkey_kdf.c
+++ b/crypto/evp/pkey_kdf.c
@@ -49,7 +49,7 @@ static int pkey_kdf_init(EVP_PKEY_CTX *ctx)
 if (pkctx == NULL)
 return 0;
- kdf = EVP_KDF_fetch(NULL, kdf_name, NULL);
+ kdf = EVP_KDF_fetch(ctx->libctx, kdf_name, ctx->propquery);
 kctx = EVP_KDF_CTX_new(kdf);
 EVP_KDF_free(kdf);
 if (kctx == NULL) {
diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c
index c09e4c001b..0ae67fb22b 100644
--- a/crypto/sm2/sm2_crypt.c
+++ b/crypto/sm2/sm2_crypt.c
@@ -138,6 +138,9 @@ int sm2_encrypt(const EC_KEY *key,
 uint8_t *C3 = NULL;
 size_t field_size;
 const int C3_size = EVP_MD_size(digest);
+ EVP_MD *fetched_digest = NULL;
+ OPENSSL_CTX *libctx = ec_key_get_libctx(key);
+ const char *propq = ec_key_get0_propq(key);
 /* NULL these before any "goto done" */
 ctext_struct.C2 = NULL;
@@ -156,7 +159,7 @@ int sm2_encrypt(const EC_KEY *key,
 kG = EC_POINT_new(group);
 kP = EC_POINT_new(group);
- ctx = BN_CTX_new();
+ ctx = BN_CTX_new_ex(libctx);
 if (kG == NULL || kP == NULL || ctx == NULL) {
 SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
 goto done;
@@ -211,7 +214,7 @@ int sm2_encrypt(const EC_KEY *key,
 /* X9.63 with no salt happens to match the KDF used in SM2 */
 if (!ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
- digest)) {
+ digest, libctx, propq)) {
 SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB);
 goto done;
 }
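Review bot: The comment added in EVP_PBE_scrypt() (crypto/evp/pbe_scrypt.c) leaves `EVP_KDF_fetch(NULL, OSSL_KDF_NAME_SCRYPT, NULL)` in place and sends callers to OPENSSL_CTX_set0_default(), which replaces the default context instead of scoping the choice to this one call. Any other default-context fetch made afterwards is affected as well, and a property query still cannot be supplied for scrypt. An internal variant taking `libctx` and `propq`, as this commit adds for PBKDF2 with pkcs5_pbkdf2_hmac_with_libctx(), would keep the selection local; if that is deliberately deferred, the comment should say so.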
@@ -219,7 +222,12 @@ int sm2_encrypt(const EC_KEY *key,
 for (i = 0; i != msg_len; ++i)
 msg_mask[i] ^= msg[i];
- if (EVP_DigestInit(hash, digest) == 0
+ fetched_digest = EVP_MD_fetch(libctx, EVP_MD_name(digest), propq);
+ if (fetched_digest == NULL) {
+ SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+ goto done;
+ }
+ if (EVP_DigestInit(hash, fetched_digest) == 0
 || EVP_DigestUpdate(hash, x2y2, field_size) == 0
 || EVP_DigestUpdate(hash, msg, msg_len) == 0
 || EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0
@@ -254,6 +262,7 @@ int sm2_encrypt(const EC_KEY *key,
 rc = 1;
 done:
+ EVP_MD_free(fetched_digest);
 ASN1_OCTET_STRING_free(ctext_struct.C2);
 ASN1_OCTET_STRING_free(ctext_struct.C3);
 OPENSSL_free(msg_mask);
@@ -288,6 +297,8 @@ int sm2_decrypt(const EC_KEY *key,
 const uint8_t *C3 = NULL;
 int msg_len = 0;
 EVP_MD_CTX *hash = NULL;
+ OPENSSL_CTX *libctx = ec_key_get_libctx(key);
+ const char *propq = ec_key_get0_propq(key);
 if (field_size == 0 || hash_size <= 0)
 goto done;
@@ -310,7 +321,7 @@ int sm2_decrypt(const EC_KEY *key,
 C3 = sm2_ctext->C3->data;
 msg_len = sm2_ctext->C2->length;
- ctx = BN_CTX_new();
+ ctx = BN_CTX_new_ex(libctx);
 if (ctx == NULL) {
 SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
 goto done;
@@ -352,7 +363,7 @@ int sm2_decrypt(const EC_KEY *key,
 if (BN_bn2binpad(x2, x2y2, field_size) < 0
 || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0
 || !ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
- digest)) {
+ digest, libctx, propq)) {
 SM2err(SM2_F_SM2_DECRYPT, ERR_R_INTERNAL_ERROR);
 goto done;
 }
diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c
index 45297f9bc6..a455b5e989 100644
--- a/crypto/sm2/sm2_pmeth.c
+++ b/crypto/sm2/sm2_pmeth.c
@@ -20,6 +20,7 @@
 #include "crypto/evp.h"
 #include "crypto/sm2.h"
 #include "crypto/sm2err.h"
+#include "crypto/ec.h"
 /* EC pkey context structure */
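Review bot: In sm2_encrypt() `C3_size` is still computed from the caller's `digest` (`const int C3_size = EVP_MD_size(digest);` in the first sm2_crypt.c hunk), while the hash that produces C3 now runs on `fetched_digest`. The two objects are linked only by name, so the code relies on whichever implementation answers `EVP_MD_name(digest)` in that library context having the same output length; a guard right after the fetch, `if (EVP_MD_size(fetched_digest) != C3_size)` followed by an error and `goto done`, would remove that assumption. sm2_compute_msg_hash() in crypto/sm2/sm2_sign.c has the same pattern with `md_size`. Separately, the sm2_decrypt() hunks shown switch only the BN_CTX and the KDF call to libctx/propq and add no fetch, so it appears to keep hashing with the digest it was handed; if that asymmetry with sm2_encrypt() is intended, a comment saying so would help.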
@@ -124,9 +125,12 @@ static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen)
 {
+ int ret;
 EC_KEY *ec = ctx->pkey->pkey.ec;
 SM2_PKEY_CTX *dctx = ctx->data;
 const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
+ OPENSSL_CTX *libctx = ec_key_get_libctx(ec);
+ EVP_MD *fetched_md = NULL;
 if (out == NULL) {
 if (!sm2_ciphertext_size(ec, md, inlen, outlen))
@@ -135,16 +139,24 @@ static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx,
 return 1;
 }
- return sm2_encrypt(ec, md, in, inlen, out, outlen);
+ fetched_md = EVP_MD_fetch(libctx, EVP_MD_name(md), 0);
+ if (fetched_md == NULL)
+ return 0;
+ ret = sm2_encrypt(ec, fetched_md, in, inlen, out, outlen);
+ EVP_MD_free(fetched_md);
+ return ret;
 }
 static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen)
 {
+ int ret;
 EC_KEY *ec = ctx->pkey->pkey.ec;
 SM2_PKEY_CTX *dctx = ctx->data;
 const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
+ OPENSSL_CTX *libctx = ec_key_get_libctx(ec);
+ EVP_MD *fetched_md = NULL;
 if (out == NULL) {
 if (!sm2_plaintext_size(ec, md, inlen, outlen))
@@ -153,7 +165,12 @@ static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx,
 return 1;
 }
- return sm2_decrypt(ec, md, in, inlen, out, outlen);
+ fetched_md = EVP_MD_fetch(libctx, EVP_MD_name(md), 0);
+ if (fetched_md == NULL)
+ return 0;
+ ret = sm2_decrypt(ec, fetched_md, in, inlen, out, outlen);
+ EVP_MD_free(fetched_md);
+ return ret;
 }
 static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c
index 318e981802..099594c8bc 100644
--- a/crypto/sm2/sm2_sign.c
+++ b/crypto/sm2/sm2_sign.c
@@ -42,7 +42,7 @@ int sm2_compute_z_digest(uint8_t *out,
 uint8_t e_byte = 0;
 hash = EVP_MD_CTX_new();
- ctx = BN_CTX_new();
+ ctx = BN_CTX_new_ex(ec_key_get_libctx(key));
 if (hash == NULL || ctx == NULL) {
 SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE);
 goto done;
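Review bot: Both pkey_sm2_encrypt() and pkey_sm2_decrypt() in crypto/sm2/sm2_pmeth.c call `EVP_MD_fetch(libctx, EVP_MD_name(md), 0)`, which passes an integer 0 where the property-query string belongs and so drops any property query, while ec_pmeth.c and pkey_kdf.c in this same commit pass `ctx->propquery`. I would write `fetched_md = EVP_MD_fetch(libctx, EVP_MD_name(md), ctx->propquery);` (or `ec_key_get0_propq(ec)`, as sm2_crypt.c does) so the digest is selected under the same constraints as the rest of the operation. The bare `return 0` on a failed fetch also leaves nothing on the error queue in the lines shown, unlike the SM2err() calls added for the same failure in sm2_crypt.c and sm2_sign.c. sm2_encrypt() then fetches the digest by name a second time, so one of the two fetches on the encrypt path looks redundant.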
@@ -146,6 +146,9 @@ static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest,
 const int md_size = EVP_MD_size(digest);
 uint8_t *z = NULL;
 BIGNUM *e = NULL;
+ EVP_MD *fetched_digest = NULL;
+ OPENSSL_CTX *libctx = ec_key_get_libctx(key);
+ const char *propq = ec_key_get0_propq(key);
 if (md_size < 0) {
 SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, SM2_R_INVALID_DIGEST);
@@ -158,12 +161,18 @@ static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest,
 goto done;
 }
- if (!sm2_compute_z_digest(z, digest, id, id_len, key)) {
+ fetched_digest = EVP_MD_fetch(libctx, EVP_MD_name(digest), propq);
+ if (fetched_digest == NULL) {
+ SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_INTERNAL_ERROR);
+ goto done;
+ }
+
+ if (!sm2_compute_z_digest(z, fetched_digest, id, id_len, key)) {
 /* SM2err already called */
 goto done;
 }
- if (!EVP_DigestInit(hash, digest)
+ if (!EVP_DigestInit(hash, fetched_digest)
 || !EVP_DigestUpdate(hash, z, md_size)
 || !EVP_DigestUpdate(hash, msg, msg_len)
 /* reuse z buffer to hold H(Z || M) */
@@ -177,6 +186,7 @@ static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest,
 SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_INTERNAL_ERROR);
 done:
+ EVP_MD_free(fetched_digest);
 OPENSSL_free(z);
 EVP_MD_CTX_free(hash);
 return e;
@@ -196,9 +206,10 @@ static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e)
 BIGNUM *s = NULL;
 BIGNUM *x1 = NULL;
 BIGNUM *tmp = NULL;
+ OPENSSL_CTX *libctx = ec_key_get_libctx(key);
 kG = EC_POINT_new(group);
- ctx = BN_CTX_new();
+ ctx = BN_CTX_new_ex(libctx);
 if (kG == NULL || ctx == NULL) {
 SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
 goto done;
@@ -227,7 +238,7 @@ static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e)
 }
 for (;;) {
- if (!BN_priv_rand_range(k, order)) {
+ if (!BN_priv_rand_range_ex(k, order, ctx)) {
 SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR);
 goto done;
 }
@@ -295,8 +306,9 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig,
 BIGNUM *x1 = NULL;
 const BIGNUM *r = NULL;
 const BIGNUM *s = NULL;
+ OPENSSL_CTX *libctx = ec_key_get_libctx(key);
- ctx = BN_CTX_new();
+ ctx = BN_CTX_new_ex(libctx);
 pt = EC_POINT_new(group);
 if (ctx == NULL || pt == NULL) {
 SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_MALLOC_FAILURE);
@@ -421,6 +433,10 @@ int sm2_sign(const unsigned char *dgst, int dgstlen,
 }
 s = sm2_sig_gen(eckey, e);
+ if (s == NULL) {
+ SM2err(SM2_F_SM2_SIGN, ERR_R_INTERNAL_ERROR);
+ goto done;
+ }
 sigleni = i2d_ECDSA_SIG(s, &sig);
 if (sigleni < 0) {
diff --git a/include/crypto/ec.h b/include/crypto/ec.h
index a771cfd706..b6ab033626 100644
--- a/include/crypto/ec.h
+++ b/include/crypto/ec.h
@@ -47,7 +47,7 @@ __owur int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
 int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, const unsigned char *sinfo, size_t sinfolen,
- const EVP_MD *md);
+ const EVP_MD *md, OPENSSL_CTX *libctx, const char *propq);
 int ec_generate_key(OPENSSL_CTX *libctx, EC_KEY *eckey, int pairwise_test);
 int ec_key_public_check(const EC_KEY *eckey, BN_CTX *ctx);
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 2e85b56266..f60ae9bc09 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -753,6 +753,12 @@ void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags);
 const EVP_CIPHER *evp_get_cipherbyname_ex(OPENSSL_CTX *libctx, const char *name);
 const EVP_MD *evp_get_digestbyname_ex(OPENSSL_CTX *libctx, const char *name);
+int pkcs5_pbkdf2_hmac_with_libctx(const char *pass, int passlen,
+ const unsigned char *salt, int saltlen,
+ int iter, const EVP_MD *digest, int keylen,
+ unsigned char *out,
+ OPENSSL_CTX *libctx, const char *propq);
+
 #ifndef FIPS_MODULE
 /*
 * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params().
diff --git a/providers/defltprov.c b/providers/defltprov.c
index fa2fadbc95..0ee717acac 100644
--- a/providers/defltprov.c
+++ b/providers/defltprov.c
@@ -95,7 +95,7 @@ static int deflt_get_params(void *provctx, OSSL_PARAM params[])
 */
 static const OSSL_ALGORITHM deflt_digests[] = {
 /* Our primary name:NIST name[:our older names] */
- { "SHA1:SHA-1", "provider=default", sha1_functions },
+ { "SHA1:SHA-1:SSL3-SHA1", "provider=default", sha1_functions },
 { "SHA2-224:SHA-224:SHA224", "provider=default", sha224_functions },
 { "SHA2-256:SHA-256:SHA256", "provider=default", sha256_functions },
 { "SHA2-384:SHA-384:SHA384", "provider=default", sha384_functions },
@@ -139,7 +139,7 @@ static const OSSL_ALGORITHM deflt_digests[] = {
 #endif /* OPENSSL_NO_SM3 */
 #ifndef OPENSSL_NO_MD5
- { "MD5", "provider=default", md5_functions },
+ { "MD5:SSL3-MD5", "provider=default", md5_functions },
 { "MD5-SHA1", "provider=default", md5_sha1_functions },
 #endif /* OPENSSL_NO_MD5 */
@@ -151,9 +151,9 @@ |