From: Matt Caswell Date: Thu, 27 Jun 2019 09:48:17 +0000 (+0100) Subject: Make the EVP Key Exchange code provider aware X-Git-Tag: openssl-3.0.0-alpha1~1782 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=ff64702b3d83d4c77756e0fd7b624e2165dbbdf0;p=oweals%2Fopenssl.git Make the EVP Key Exchange code provider aware We introduce a new EVP_KEYEXCH type to represent key exchange algorithms and refactor the existing code to use it where available. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9266) --- diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index a8f28dc349..4608938ed5 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -807,6 +807,7 @@ EVP_F_EVP_DIGESTUPDATE:231:EVP_DigestUpdate EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate +EVP_F_EVP_KEYEXCH_FROM_DISPATCH:244:evp_keyexch_from_dispatch EVP_F_EVP_KDF_CTRL:224:EVP_KDF_ctrl EVP_F_EVP_KDF_CTRL_STR:225:EVP_KDF_ctrl_str EVP_F_EVP_KDF_CTX_NEW:240:EVP_KDF_CTX_new @@ -838,6 +839,7 @@ EVP_F_EVP_PKEY_DECRYPT_INIT:138:EVP_PKEY_decrypt_init EVP_F_EVP_PKEY_DECRYPT_OLD:151:EVP_PKEY_decrypt_old EVP_F_EVP_PKEY_DERIVE:153:EVP_PKEY_derive EVP_F_EVP_PKEY_DERIVE_INIT:154:EVP_PKEY_derive_init +EVP_F_EVP_PKEY_DERIVE_INIT_EX:243:EVP_PKEY_derive_init_ex EVP_F_EVP_PKEY_DERIVE_SET_PEER:155:EVP_PKEY_derive_set_peer EVP_F_EVP_PKEY_ENCRYPT:105:EVP_PKEY_encrypt EVP_F_EVP_PKEY_ENCRYPT_INIT:139:EVP_PKEY_encrypt_init diff --git a/crypto/evp/build.info b/crypto/evp/build.info index fa49f2efbe..5030f3f68d 100644 --- a/crypto/evp/build.info +++ b/crypto/evp/build.info @@ -15,7 +15,7 @@ SOURCE[../../libcrypto]=$COMMON\ e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \ e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \ e_chacha20_poly1305.c \ - mac_lib.c c_allm.c pkey_mac.c + mac_lib.c c_allm.c pkey_mac.c exchange.c SOURCE[../../providers/fips]=$COMMON INCLUDE[e_aes.o]=.. ../modes diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 615206bdd0..3e64a1f93e 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -13,6 +13,7 @@ #include #include #include +#include #include "internal/evp_int.h" #include "internal/provider.h" #include "evp_locl.h" @@ -726,3 +727,133 @@ int EVP_hex2ctrl(int (*cb)(void *ctx, int cmd, void *buf, size_t buflen), OPENSSL_free(bin); return rv; } + +#ifndef FIPS_MODE +/* + * TODO(3.0): Temporarily unavailable in FIPS mode. This will need to be added + * in later. + */ + +#define MAX_PARAMS 10 +typedef struct { + /* Number of the current param */ + size_t curr; + struct { + /* Key for the current param */ + const char *key; + /* Value for the current param */ + const BIGNUM *bnparam; + /* Size of the buffer required for the BN */ + size_t bufsz; + } params[MAX_PARAMS]; + /* Running count of the total size required */ + size_t totsz; + int ispublic; +} PARAMS_TEMPLATE; + +static int push_param_bn(PARAMS_TEMPLATE *tmpl, const char *key, + const BIGNUM *bn) +{ + int sz; + + sz = BN_num_bytes(bn); + if (sz <= 0) + return 0; + tmpl->params[tmpl->curr].key = key; + tmpl->params[tmpl->curr].bnparam = bn; + tmpl->params[tmpl->curr++].bufsz = (size_t)sz; + tmpl->totsz += sizeof(OSSL_PARAM) + (size_t)sz; + + return 1; +} + +static OSSL_PARAM *param_template_to_param(PARAMS_TEMPLATE *tmpl, size_t *sz) +{ + size_t i; + void *buf; + OSSL_PARAM *param = NULL; + unsigned char *currbuf = NULL; + + if (tmpl->totsz == 0) + return NULL; + + /* Add some space for the end of OSSL_PARAM marker */ + tmpl->totsz += sizeof(*param); + + if (tmpl->ispublic) + buf = OPENSSL_zalloc(tmpl->totsz); + else + buf = OPENSSL_secure_zalloc(tmpl->totsz); + if (buf == NULL) + return NULL; + param = buf; + + currbuf = (unsigned char *)buf + (sizeof(*param) * (tmpl->curr + 1)); + + for (i = 0; i < tmpl->curr; i++) { + if (!ossl_assert((currbuf - (unsigned char *)buf ) + + tmpl->params[i].bufsz <= tmpl->totsz)) + goto err; + if (BN_bn2nativepad(tmpl->params[i].bnparam, currbuf, + tmpl->params[i].bufsz) < 0) + goto err; + param[i] = OSSL_PARAM_construct_BN(tmpl->params[i].key, currbuf, + tmpl->params[i].bufsz); + currbuf += tmpl->params[i].bufsz; + } + param[i] = OSSL_PARAM_construct_end(); + + if (sz != NULL) + *sz = tmpl->totsz; + return param; + + err: + if (tmpl->ispublic) + OPENSSL_free(param); + else + OPENSSL_clear_free(param, tmpl->totsz); + return NULL; +} + +static OSSL_PARAM *evp_pkey_dh_to_param(EVP_PKEY *pkey, size_t *sz) +{ + DH *dh = pkey->pkey.dh; + PARAMS_TEMPLATE tmpl = {0}; + const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); + const BIGNUM *pub_key = DH_get0_pub_key(dh); + const BIGNUM *priv_key = DH_get0_priv_key(dh); + + if (p == NULL || g == NULL || pub_key == NULL) + return NULL; + + if (!push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_P, p) + || !push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_G, g) + || !push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_key)) + return NULL; + + if (q != NULL) { + if (!push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_Q, q)) + return NULL; + } + + if (priv_key != NULL) { + if (!push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_PRIV_KEY, priv_key)) + return NULL; + } else { + tmpl.ispublic = 1; + } + + return param_template_to_param(&tmpl, sz); +} + +OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz) +{ + switch (pkey->type) { + case EVP_PKEY_DH: + return evp_pkey_dh_to_param(pkey, sz); + default: + return NULL; + } +} + +#endif /* FIPS_MODE */ diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index b62f1e3bc4..659305b8d6 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -9,6 +9,8 @@ /* EVP_MD_CTX related stuff */ +#include + struct evp_md_ctx_st { const EVP_MD *reqdigest; /* The original requested digest */ const EVP_MD *digest; @@ -60,6 +62,20 @@ struct evp_kdf_ctx_st { EVP_KDF_IMPL *impl; /* Algorithm-specific data */ } /* EVP_KDF_CTX */ ; +struct evp_keyexch_st { + OSSL_PROVIDER *prov; + CRYPTO_REF_COUNT refcnt; + CRYPTO_RWLOCK *lock; + + OSSL_OP_keyexch_newctx_fn *newctx; + OSSL_OP_keyexch_init_fn *init; + OSSL_OP_keyexch_set_peer_fn *set_peer; + OSSL_OP_keyexch_derive_fn *derive; + OSSL_OP_keyexch_freectx_fn *freectx; + OSSL_OP_keyexch_dupctx_fn *dupctx; +} /* EVP_KEYEXCH */; + + int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, @@ -114,3 +130,23 @@ int evp_do_ciph_ctx_getparams(const EVP_CIPHER *ciph, void *provctx, OSSL_PARAM params[]); int evp_do_ciph_ctx_setparams(const EVP_CIPHER *ciph, void *provctx, OSSL_PARAM params[]); + +OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz); + +#define M_check_autoarg(ctx, arg, arglen, err) \ + if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \ + size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \ + \ + if (pksize == 0) { \ + EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/ \ + return 0; \ + } \ + if (arg == NULL) { \ + *arglen = pksize; \ + return 1; \ + } \ + if (*arglen < pksize) { \ + EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/ \ + return 0; \ + } \ + } diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c new file mode 100644 index 0000000000..655d5a1c86 --- /dev/null +++ b/crypto/evp/exchange.c @@ -0,0 +1,354 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include "internal/refcount.h" +#include "internal/evp_int.h" +#include "internal/provider.h" +#include "evp_locl.h" + +static EVP_KEYEXCH *evp_keyexch_new(OSSL_PROVIDER *prov) +{ + EVP_KEYEXCH *exchange = OPENSSL_zalloc(sizeof(EVP_KEYEXCH)); + + exchange->lock = CRYPTO_THREAD_lock_new(); + if (exchange->lock == NULL) { + OPENSSL_free(exchange); + return NULL; + } + exchange->prov = prov; + ossl_provider_up_ref(prov); + exchange->refcnt = 1; + + return exchange; +} + +static void *evp_keyexch_from_dispatch(const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov) +{ + EVP_KEYEXCH *exchange = NULL; + int fncnt = 0; + + if ((exchange = evp_keyexch_new(prov)) == NULL) + return NULL; + + for (; fns->function_id != 0; fns++) { + switch (fns->function_id) { + case OSSL_FUNC_KEYEXCH_NEWCTX: + if (exchange->newctx != NULL) + break; + exchange->newctx = OSSL_get_OP_keyexch_newctx(fns); + fncnt++; + break; + case OSSL_FUNC_KEYEXCH_INIT: + if (exchange->init != NULL) + break; + exchange->init = OSSL_get_OP_keyexch_init(fns); + fncnt++; + break; + case OSSL_FUNC_KEYEXCH_SET_PEER: + if (exchange->set_peer != NULL) + break; + exchange->set_peer = OSSL_get_OP_keyexch_set_peer(fns); + break; + case OSSL_FUNC_KEYEXCH_DERIVE: + if (exchange->derive != NULL) + break; + exchange->derive = OSSL_get_OP_keyexch_derive(fns); + fncnt++; + break; + case OSSL_FUNC_KEYEXCH_FREECTX: + if (exchange->freectx != NULL) + break; + exchange->freectx = OSSL_get_OP_keyexch_freectx(fns); + fncnt++; + break; + case OSSL_FUNC_KEYEXCH_DUPCTX: + if (exchange->dupctx != NULL) + break; + exchange->dupctx = OSSL_get_OP_keyexch_dupctx(fns); + break; + } + } + if (fncnt != 4) { + /* + * In order to be a consistent set of functions we must have at least + * a complete set of "exchange" functions: init, derive, newctx, + * and freectx. The dupctx and set_peer functions are optional. + */ + EVP_KEYEXCH_free(exchange); + EVPerr(EVP_F_EVP_KEYEXCH_FROM_DISPATCH, + EVP_R_INVALID_PROVIDER_FUNCTIONS); + return NULL; + } + + return exchange; +} + +void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange) +{ + if (exchange != NULL) { + int i; + + CRYPTO_DOWN_REF(&exchange->refcnt, &i, exchange->lock); + if (i > 0) + return; + ossl_provider_free(exchange->prov); + CRYPTO_THREAD_lock_free(exchange->lock); + OPENSSL_free(exchange); + } +} + +int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange) +{ + int ref = 0; + + CRYPTO_UP_REF(&exchange->refcnt, &ref, exchange->lock); + return 1; +} + +EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties) +{ + return evp_generic_fetch(ctx, OSSL_OP_KEYEXCH, algorithm, properties, + evp_keyexch_from_dispatch, + (int (*)(void *))EVP_KEYEXCH_up_ref, + (void (*)(void *))EVP_KEYEXCH_free); +} + +int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, EVP_KEYEXCH *exchange) +{ + int ret; + OSSL_PARAM *param = NULL; + size_t paramsz = 0; + + ctx->operation = EVP_PKEY_OP_DERIVE; + + if (ctx->engine != NULL) + goto legacy; + + if (exchange != NULL) { + if (!EVP_KEYEXCH_up_ref(exchange)) + goto err; + } else { + int nid = ctx->pkey != NULL ? ctx->pkey->type : ctx->pmeth->pkey_id; + + /* + * TODO(3.0): Check for legacy handling. Remove this once all all + * algorithms are moved to providers. + */ + if (ctx->pkey != NULL) { + switch (ctx->pkey->type) { +#if 0 + case EVP_PKEY_DH: + break; +#endif + default: + goto legacy; + } + exchange = EVP_KEYEXCH_fetch(NULL, OBJ_nid2sn(nid), NULL); + } else { + goto legacy; + } + + if (exchange == NULL) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR); + goto err; + } + } + + if (ctx->exchprovctx != NULL && ctx->exchange != NULL) + ctx->exchange->freectx(ctx->exchprovctx); + EVP_KEYEXCH_free(ctx->exchange); + ctx->exchange = exchange; + if (ctx->pkey != NULL) { + param = evp_pkey_to_param(ctx->pkey, ¶msz); + if (param == NULL) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR); + goto err; + } + } + ctx->exchprovctx = exchange->newctx(ossl_provider_ctx(exchange->prov)); + if (ctx->exchprovctx == NULL) { + OPENSSL_secure_clear_free(param, paramsz); + EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR); + goto err; + } + ret = exchange->init(ctx->exchprovctx, param); + /* + * TODO(3.0): Really we should detect whether to call OPENSSL_free or + * OPENSSL_secure_clear_free based on the presence of a private key or not. + * Since we always expect a private key to be present we just call + * OPENSSL_secure_clear_free for now. + */ + OPENSSL_secure_clear_free(param, paramsz); + + return ret ? 1 : 0; + err: + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return 0; + + legacy: + if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->derive == NULL) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + if (ctx->pmeth->derive_init == NULL) + return 1; + ret = ctx->pmeth->derive_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; +} + +int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) +{ + return EVP_PKEY_derive_init_ex(ctx, NULL); +} + +int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) +{ + int ret; + OSSL_PARAM *param = NULL; + + if (ctx == NULL) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + if (ctx->exchprovctx == NULL) + goto legacy; + + if (ctx->operation != EVP_PKEY_OP_DERIVE) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, + EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + + if (ctx->exchange->set_peer == NULL) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + param = evp_pkey_to_param(peer, NULL); + if (param == NULL) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, ERR_R_INTERNAL_ERROR); + return 0; + } + ret = ctx->exchange->set_peer(ctx->exchprovctx, param); + /* + * TODO(3.0): Really we should detect whether to call OPENSSL_free or + * OPENSSL_secure_clear_free based on the presence of a private key or not. + * Since we always expect a public key to be present we just call + * OPENSSL_free for now. + */ + OPENSSL_free(param); + + return ret; + + legacy: + if (ctx->pmeth == NULL + || !(ctx->pmeth->derive != NULL + || ctx->pmeth->encrypt != NULL + || ctx->pmeth->decrypt != NULL) + || ctx->pmeth->ctrl == NULL) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_DERIVE + && ctx->operation != EVP_PKEY_OP_ENCRYPT + && ctx->operation != EVP_PKEY_OP_DECRYPT) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, + EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + + ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer); + + if (ret <= 0) + return ret; + + if (ret == 2) + return 1; + + if (ctx->pkey == NULL) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET); + return -1; + } + + if (ctx->pkey->type != peer->type) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_KEY_TYPES); + return -1; + } + + /* + * For clarity. The error is if parameters in peer are + * present (!missing) but don't match. EVP_PKEY_cmp_parameters may return + * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1 + * (different key types) is impossible here because it is checked earlier. + * -2 is OK for us here, as well as 1, so we can check for 0 only. + */ + if (!EVP_PKEY_missing_parameters(peer) && + !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS); + return -1; + } + + EVP_PKEY_free(ctx->peerkey); + ctx->peerkey = peer; + + ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer); + + if (ret <= 0) { + ctx->peerkey = NULL; + return ret; + } + + EVP_PKEY_up_ref(peer); + return 1; +} + +int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen) +{ + int ret; + + if (ctx == NULL) { + EVPerr(EVP_F_EVP_PKEY_DERIVE, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + if (ctx->operation != EVP_PKEY_OP_DERIVE) { + EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + + if (ctx->exchprovctx == NULL) + goto legacy; + + ret = ctx->exchange->derive(ctx->exchprovctx, key, pkeylen, SIZE_MAX); + + return ret; + legacy: + if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->derive == NULL) { + EVPerr(EVP_F_EVP_PKEY_DERIVE, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE) + return ctx->pmeth->derive(ctx, key, pkeylen); +} diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c index 187f7a6882..51df2be4d4 100644 --- a/crypto/evp/pmeth_fn.c +++ b/crypto/evp/pmeth_fn.c @@ -9,28 +9,11 @@ #include #include -#include "internal/cryptlib.h" #include #include +#include "internal/cryptlib.h" #include "internal/evp_int.h" - -#define M_check_autoarg(ctx, arg, arglen, err) \ - if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \ - size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \ - \ - if (pksize == 0) { \ - EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/ \ - return 0; \ - } \ - if (!arg) { \ - *arglen = pksize; \ - return 1; \ - } \ - if (*arglen < pksize) { \ - EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/ \ - return 0; \ - } \ - } +#include "evp_locl.h" int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) { @@ -200,98 +183,3 @@ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT) return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen); } - -int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) -{ - int ret; - if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) { - EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - ctx->operation = EVP_PKEY_OP_DERIVE; - if (!ctx->pmeth->derive_init) - return 1; - ret = ctx->pmeth->derive_init(ctx); - if (ret <= 0) - ctx->operation = EVP_PKEY_OP_UNDEFINED; - return ret; -} - -int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) -{ - int ret; - if (!ctx || !ctx->pmeth - || !(ctx->pmeth->derive || ctx->pmeth->encrypt || ctx->pmeth->decrypt) - || !ctx->pmeth->ctrl) { - EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - if (ctx->operation != EVP_PKEY_OP_DERIVE - && ctx->operation != EVP_PKEY_OP_ENCRYPT - && ctx->operation != EVP_PKEY_OP_DECRYPT) { - EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, - EVP_R_OPERATON_NOT_INITIALIZED); - return -1; - } - - ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer); - - if (ret <= 0) - return ret; - - if (ret == 2) - return 1; - - if (!ctx->pkey) { - EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET); - return -1; - } - - if (ctx->pkey->type != peer->type) { - EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_KEY_TYPES); - return -1; - } - - /* - * For clarity. The error is if parameters in peer are - * present (!missing) but don't match. EVP_PKEY_cmp_parameters may return - * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1 - * (different key types) is impossible here because it is checked earlier. - * -2 is OK for us here, as well as 1, so we can check for 0 only. - */ - if (!EVP_PKEY_missing_parameters(peer) && - !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) { - EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS); - return -1; - } - - EVP_PKEY_free(ctx->peerkey); - ctx->peerkey = peer; - - ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer); - - if (ret <= 0) { - ctx->peerkey = NULL; - return ret; - } - - EVP_PKEY_up_ref(peer); - return 1; -} - -int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen) -{ - if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) { - EVPerr(EVP_F_EVP_PKEY_DERIVE, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - if (ctx->operation != EVP_PKEY_OP_DERIVE) { - EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED); - return -1; - } - M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE) - return ctx->pmeth->derive(ctx, key, pkeylen); -} diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 28fa047a00..b10663cf70 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -16,6 +16,7 @@ #include "internal/asn1_int.h" #include "internal/evp_int.h" #include "internal/numbers.h" +#include "evp_locl.h" typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); @@ -253,7 +254,9 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e) EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx) { EVP_PKEY_CTX *rctx; - if (!pctx->pmeth || !pctx->pmeth->copy) + + if (((pctx->pmeth == NULL) || (pctx->pmeth->copy == NULL)) + && pctx->exchprovctx == NULL) return NULL; #ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a pkey context using an ENGINE */ @@ -262,31 +265,43 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx) return 0; } #endif - rctx = OPENSSL_malloc(sizeof(*rctx)); + rctx = OPENSSL_zalloc(sizeof(*rctx)); if (rctx == NULL) { EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_MALLOC_FAILURE); return NULL; } + if (pctx->pkey != NULL) + EVP_PKEY_up_ref(pctx->pkey); + rctx->pkey = pctx->pkey; + rctx->operation = pctx->operation; + + if (pctx->exchprovctx != NULL) { + if (!ossl_assert(pctx->exchange != NULL)) + return NULL; + rctx->exchange = pctx->exchange; + if (!EVP_KEYEXCH_up_ref(rctx->exchange)) { + OPENSSL_free(rctx); + return NULL; + } + rctx->exchprovctx = pctx->exchange->dupctx(pctx->exchprovctx); + if (rctx->exchprovctx == NULL) { + EVP_KEYEXCH_free(rctx->exchange); + OPENSSL_free(rctx); + return NULL; + } + return rctx; + } + rctx->pmeth = pctx->pmeth; #ifndef OPENSSL_NO_ENGINE rctx->engine = pctx->engine; #endif - if (pctx->pkey) - EVP_PKEY_up_ref(pctx->pkey); - - rctx->pkey = pctx->pkey; - if (pctx->peerkey) EVP_PKEY_up_ref(pctx->peerkey); - rctx->peerkey = pctx->peerkey; - rctx->data = NULL; - rctx->app_data = NULL; - rctx->operation = pctx->operation; - if (pctx->pmeth->copy(rctx, pctx) > 0) return rctx; @@ -355,6 +370,12 @@ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) return; if (ctx->pmeth && ctx->pmeth->cleanup) ctx->pmeth->cleanup(ctx); + + if (ctx->exchprovctx != NULL && ctx->exchange != NULL) + ctx->exchange->freectx(ctx->exchprovctx); + + EVP_KEYEXCH_free(ctx->exchange); + EVP_PKEY_free(ctx->pkey); EVP_PKEY_free(ctx->peerkey); #ifndef OPENSSL_NO_ENGINE diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index da4ae0f1fb..71833fa49e 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -18,6 +18,11 @@ #define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400 struct evp_pkey_ctx_st { + EVP_KEYEXCH *exchange; + void *exchprovctx; + + /* Legacy fields below */ + /* Method associated with this operation */ const EVP_PKEY_METHOD *pmeth; /* Engine that implements this method or NULL if builtin */ diff --git a/crypto/params.c b/crypto/params.c index 0c9e6f3ef7..87a66820ce 100644 --- a/crypto/params.c +++ b/crypto/params.c @@ -582,13 +582,6 @@ OSSL_PARAM OSSL_PARAM_construct_size_t(const char *key, size_t *buf) sizeof(size_t)); } -#ifndef FIPS_MODE -/* - * TODO(3.0): Make this available in FIPS mode. - * - * Temporarily we don't include these functions in FIPS mode to avoid pulling - * in the entire BN sub-library into the module at this point. - */ int OSSL_PARAM_get_BN(const OSSL_PARAM *p, BIGNUM **val) { BIGNUM *b; @@ -632,7 +625,6 @@ OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf, return ossl_param_construct(key, OSSL_PARAM_UNSIGNED_INTEGER, buf, bsize); } -#endif int OSSL_PARAM_get_double(const OSSL_PARAM *p, double *val) { diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 4addceaea7..143668a0b9 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -56,6 +56,15 @@ extern "C" { #define OSSL_DIGEST_PARAM_PAD_TYPE "pad_type" #define OSSL_DIGEST_PARAM_MICALG "micalg" +/* PKEY parameters */ +/* Diffie-Hellman Parameters */ +#define OSSL_PKEY_PARAM_DH_P "dh-p" +#define OSSL_PKEY_PARAM_DH_G "dh-g" +#define OSSL_PKEY_PARAM_DH_Q "dh-q" +/* Diffie-Hellman Keys */ +#define OSSL_PKEY_PARAM_DH_PUB_KEY "dh-pub" +#define OSSL_PKEY_PARAM_DH_PRIV_KEY "dh-priv" + # ifdef __cplusplus } # endif diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 37a31709d4..0a61c21bf7 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -229,6 +229,27 @@ OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_get_params, (void *cctx, OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_set_params, (void *cctx, const OSSL_PARAM params[])) +/* Key Exchange */ + +# define OSSL_OP_KEYEXCH 3 + +# define OSSL_FUNC_KEYEXCH_NEWCTX 1 +# define OSSL_FUNC_KEYEXCH_INIT 2 +# define OSSL_FUNC_KEYEXCH_DERIVE 3 +# define OSSL_FUNC_KEYEXCH_SET_PEER 4 +# define OSSL_FUNC_KEYEXCH_FREECTX 5 +# define OSSL_FUNC_KEYEXCH_DUPCTX 6 + +OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_newctx, (void *provctx)) +OSSL_CORE_MAKE_FUNC(int, OP_keyexch_init, (void *ctx, + OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, OP_keyexch_derive, (void *ctx, unsigned char *key, + size_t *keylen, size_t outlen)) +OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_peer, (void *ctx, + OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(void, OP_keyexch_freectx, (void *ctx)) +OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_dupctx, (void *ctx)) + # ifdef __cplusplus } # endif diff --git a/include/openssl/evp.h b/include/openssl/evp.h index e781ebe212..a2cb66aaf3 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1477,6 +1477,7 @@ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen); +int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, EVP_KEYEXCH *exchange); int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); @@ -1705,6 +1706,12 @@ void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, int (**pdigest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)); + +void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange); +int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange); +EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties); + void EVP_add_alg_module(void); /* diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h index 202e366213..76a9bee78d 100644 --- a/include/openssl/ossl_typ.h +++ b/include/openssl/ossl_typ.h @@ -104,6 +104,8 @@ typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; typedef struct evp_kdf_st EVP_KDF; typedef struct evp_kdf_ctx_st EVP_KDF_CTX; +typedef struct evp_keyexch_st EVP_KEYEXCH; + typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; typedef struct hmac_ctx_st HMAC_CTX; diff --git a/util/libcrypto.num b/util/libcrypto.num index 0ce880041e..9e95e3ee76 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4679,3 +4679,7 @@ BN_priv_rand_ex 4784 3_0_0 EXIST::FUNCTION: BN_rand_range_ex 4785 3_0_0 EXIST::FUNCTION: BN_priv_rand_range_ex 4786 3_0_0 EXIST::FUNCTION: BN_generate_prime_ex2 4787 3_0_0 EXIST::FUNCTION: +EVP_PKEY_derive_init_ex 4788 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_free 4789 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_up_ref 4790 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_fetch 4791 3_0_0 EXIST::FUNCTION: