From: Richard Levitte Date: Mon, 20 Apr 2020 07:29:47 +0000 (+0200) Subject: PROV: Ensure that ED25519 & ED448 keys have a mandatory digest X-Git-Tag: openssl-3.0.0-alpha1~6 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=1a7328c8825627f723be624ddbc7e5bfb40f8fd5;p=oweals%2Fopenssl.git PROV: Ensure that ED25519 & ED448 keys have a mandatory digest This adds handling of the parameter "mandatory-digest" and responds with an empty string, meaning that no digest may be used. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11576)
---
diff --git a/doc/man7/EVP_PKEY-X25519.pod b/doc/man7/EVP_PKEY-X25519.pod
index 1afa52d041..dd3e68f109 100644
--- a/doc/man7/EVP_PKEY-X25519.pod
+++ b/doc/man7/EVP_PKEY-X25519.pod
@@ -28,6 +28,16 @@ The private key value.

 =back

+=head2 ED25519 and ED448 parameters
+
+=over 4
+
+=item "mandatory-digest" (B)
+
+The empty string, signifying that no digest may be specified.
+
+=back
+
 =head1 CONFORMING TO

 =over 4
diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c
index c9105f777d..2ba8f53e5a 100644
--- a/providers/implementations/keymgmt/ecx_kmgmt.c
+++ b/providers/implementations/keymgmt/ecx_kmgmt.c
@@ -42,7 +42,10 @@ static OSSL_OP_keymgmt_get_params_fn x25519_get_params;
 static OSSL_OP_keymgmt_get_params_fn x448_get_params;
 static OSSL_OP_keymgmt_get_params_fn ed25519_get_params;
 static OSSL_OP_keymgmt_get_params_fn ed448_get_params;
-static OSSL_OP_keymgmt_gettable_params_fn ecx_gettable_params;
+static OSSL_OP_keymgmt_gettable_params_fn x25519_gettable_params;
+static OSSL_OP_keymgmt_gettable_params_fn x448_gettable_params;
+static OSSL_OP_keymgmt_gettable_params_fn ed25519_gettable_params;
+static OSSL_OP_keymgmt_gettable_params_fn ed448_gettable_params;
 static OSSL_OP_keymgmt_has_fn ecx_has;
 static OSSL_OP_keymgmt_import_fn ecx_import;
 static OSSL_OP_keymgmt_import_types_fn ecx_imexport_types;
@@ -207,6 +210,17 @@ static int ecx_get_params(void *key, OSSL_PARAM params[], int bits, int secbits,
 return key_to_params(ecx, NULL, params);
 }

+static int ed_get_params(void *key, OSSL_PARAM params[])
+{
+ OSSL_PARAM *p;
+
+ if ((p = OSSL_PARAM_locate(params,
+ OSSL_PKEY_PARAM_MANDATORY_DIGEST)) != NULL
+ && !OSSL_PARAM_set_utf8_string(p, ""))
+ return 0;
+ return 1;
+}
+
 static int x25519_get_params(void *key, OSSL_PARAM params[])
 {
 return ecx_get_params(key, params, X25519_BITS, X25519_SECURITY_BITS,
@@ -222,16 +236,27 @@ static int x448_get_params(void *key, OSSL_PARAM params[])
 static int ed25519_get_params(void *key, OSSL_PARAM params[])
 {
 return ecx_get_params(key, params, ED25519_BITS, ED25519_SECURITY_BITS,
- ED25519_KEYLEN);
+ ED25519_KEYLEN)
+ && ed_get_params(key, params);
 }

 static int ed448_get_params(void *key, OSSL_PARAM params[])
 {
 return ecx_get_params(key, params, ED448_BITS, ED448_SECURITY_BITS,
- ED448_KEYLEN);
+ ED448_KEYLEN)
+ && ed_get_params(key, params);
 }

 static const OSSL_PARAM ecx_params[] = {
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0),
+ ECX_KEY_TYPES(),
+ OSSL_PARAM_END
+};
+
+static const OSSL_PARAM ed_params[] = {
 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
 OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
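Review bot: `ed_get_params` has no comment saying what the empty string means, which is the one fact a caller needs from it: for these key types no digest may be specified. A line above the function such as `/* "mandatory-digest" is the empty string for ED25519/ED448: no digest may be specified. */` would carry that into the code. The `key` argument is not used in the body; if that is intended, the tail could also read `return p == NULL || OSSL_PARAM_set_utf8_string(p, "");` once `p` has been located.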
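Review bot: The entry `OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0),` is added to `ecx_params`, which the following hunk returns from `x25519_gettable_params` and `x448_gettable_params`, while the new `ed_params` table returned for ED25519/ED448 shows no such entry. In the visible lines only `ed25519_get_params` and `ed448_get_params` call `ed_get_params`, so the two tables look swapped: X25519/X448 advertise a parameter they never fill in, and the Ed key types answer one they do not advertise. One line of `ed_params` falls between this hunk and the next and is not shown, so confirm against the file, but the entry most likely belongs in `ed_params` instead of `ecx_params`. A caller that discovers parameters through gettable_params would otherwise miss the "no digest" signal for Ed keys.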
@@ -239,11 +264,26 @@ static const OSSL_PARAM ecx_params[] = {
 OSSL_PARAM_END
 };

-static const OSSL_PARAM *ecx_gettable_params(void)
+static const OSSL_PARAM *x25519_gettable_params(void)
+{
+ return ecx_params;
+}
+
+static const OSSL_PARAM *x448_gettable_params(void)
 {
 return ecx_params;
 }

+static const OSSL_PARAM *ed25519_gettable_params(void)
+{
+ return ed_params;
+}
+
+static const OSSL_PARAM *ed448_gettable_params(void)
+{
+ return ed_params;
+}
+
 static void *ecx_gen_init(void *provctx, int selection, ECX_KEY_TYPE type)
 {
 OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
@@ -383,7 +423,7 @@ static void ecx_gen_cleanup(void *genctx)
 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))alg##_new_key }, \
 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ecx_key_free }, \
 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))alg##_get_params }, \
- { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))ecx_gettable_params }, \
+ { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))alg##_gettable_params }, \
 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ecx_has }, \
 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ecx_import }, \
 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ecx_imexport_types }, \