[openssl] master update
Richard Levitte
levitte at openssl.org
Fri Apr 10 20:16:55 UTC 2020
The branch master has been updated
via cc572c25647f6ab0c026a4a3057dc706e4a4a412 (commit)
via aec8de1a5f0b3f6e6279266b45836d6c9f6878df (commit)
from 1ae56f2f43d36618e54cbb8dd47a7107b74505b6 (commit)
- Log -----------------------------------------------------------------
commit cc572c25647f6ab0c026a4a3057dc706e4a4a412
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Apr 9 06:07:54 2020 +0200
EVP: legacy_ctrl_to_param() to handle provider side keys
There was one spot where this function would look at ctx->pmeth
directly to determine if it's for RSASSA-PSS, which fails when
presented with an EVP_PKEY_CTX holding a provider side key.
Switching to use EVP_PKEY_is_a() should make things better.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11501)
commit aec8de1a5f0b3f6e6279266b45836d6c9f6878df
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Apr 8 15:41:05 2020 +0200
CMS KARI: Temporarly downgrade newly generated EVP_PKEYs to legacy
The EVP_PKEY_ASN1_METHOD code used by CMS_RecipientInfo_kari_decrypt()
and cms_RecipientInfo_kari_encrypt() is quite complex and needs more
careful thought to work with provider side keys. Unfortunately, we
need to get key generation in place, among others for ECC keys, so we
add a temporary hack, similar to what's already done in TLS code, that
downgrades a provider side EVP_PKEY to become EVP_PKEY_ASN1_METHOD /
EVP_PKEY_METHOD based.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11501)
-----------------------------------------------------------------------
Summary of changes:
crypto/cms/cms_err.c | 2 +-
crypto/cms/cms_kari.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++
crypto/err/openssl.txt | 1 +
crypto/evp/pmeth_lib.c | 3 ++-
include/openssl/cmserr.h | 1 +
5 files changed, 52 insertions(+), 2 deletions(-)
diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c
index 98500d7cba..526d77357e 100644
--- a/crypto/cms/cms_err.c
+++ b/crypto/cms/cms_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c
index 3299e9b5f5..a44aca6535 100644
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@@ -248,6 +248,27 @@ int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
size_t enckeylen;
size_t ceklen;
CMS_EncryptedContentInfo *ec;
+
+ {
+ /*
+ * TODO(3.0) Remove this when we have functionality to deserialize
+ * parameters in EVP_PKEY form from an X509_ALGOR.
+ * This is needed to be able to replace the EC_KEY specific decoding
+ * that happens in ecdh_cms_set_peerkey() (crypto/ec/ec_ameth.c)
+ *
+ * THIS IS TEMPORARY
+ */
+ EVP_PKEY_CTX *pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+ EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
+
+ EVP_PKEY_get0(pkey);
+ if (EVP_PKEY_id(pkey) == EVP_PKEY_NONE) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_DECRYPT,
+ CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+ goto err;
+ }
+ }
+
enckeylen = rek->encryptedKey->length;
enckey = rek->encryptedKey->data;
/* Setup all parameters to derive KEK */
@@ -446,6 +467,32 @@ int cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms,
STACK_OF(CMS_RecipientEncryptedKey) *reks;
int i;
+ {
+ /*
+ * TODO(3.0) Remove this when we have figured out all the details
+ * need to set up encryption right. With legacy keys, a *lot* is
+ * happening in the CMS specific EVP_PKEY_ASN1_METHOD functions,
+ * such as automatically setting a default KDF type, KDF digest,
+ * all that kind of stuff.
+ * With EVP_SIGNATURE, setting a default digest is done by getting
+ * the default MD for the key, and then inject that back into the
+ * signature implementation... we could do something similar with
+ * CMS, possibly using CMS specific OSSL_PARAM keys, just like we
+ * have for certain AlgorithmIdentifier retrievals.
+ *
+ * THIS IS TEMPORARY
+ */
+ EVP_PKEY_CTX *pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+ EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
+
+ EVP_PKEY_get0(pkey);
+ if (EVP_PKEY_id(pkey) == EVP_PKEY_NONE) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT,
+ CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+ return 0;
+ }
+ }
+
if (ri->type != CMS_RECIPINFO_AGREE) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT, CMS_R_NOT_KEY_AGREEMENT);
return 0;
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 80b92f8476..cf6b9cd893 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -291,6 +291,7 @@ CMS_F_CMS_RECEIPTREQUEST_CREATE0:159:CMS_ReceiptRequest_create0
CMS_F_CMS_RECEIPT_VERIFY:160:cms_Receipt_verify
CMS_F_CMS_RECIPIENTINFO_DECRYPT:134:CMS_RecipientInfo_decrypt
CMS_F_CMS_RECIPIENTINFO_ENCRYPT:169:CMS_RecipientInfo_encrypt
+CMS_F_CMS_RECIPIENTINFO_KARI_DECRYPT:188:
CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT:178:cms_RecipientInfo_kari_encrypt
CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG:175:CMS_RecipientInfo_kari_get0_alg
CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID:173:\
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index da50ebf18a..f36a7363db 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -890,7 +890,8 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype,
case EVP_PKEY_CTRL_CMS_DECRYPT:
case EVP_PKEY_CTRL_CMS_ENCRYPT:
# endif
- if (ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
+ /* TODO (3.0) Temporary hack, this should probe */
+ if (!EVP_PKEY_is_a(EVP_PKEY_CTX_get0_pkey(ctx), "RSASSA-PSS"))
return 1;
ERR_raise(ERR_LIB_EVP,
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
diff --git a/include/openssl/cmserr.h b/include/openssl/cmserr.h
index 494ae6191a..d4d8134171 100644
--- a/include/openssl/cmserr.h
+++ b/include/openssl/cmserr.h
@@ -87,6 +87,7 @@ int ERR_load_CMS_strings(void);
# define CMS_F_CMS_RECEIPT_VERIFY 0
# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 0
# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 0
+# define CMS_F_CMS_RECIPIENTINFO_KARI_DECRYPT 0
# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 0
# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 0
# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 0
More information about the openssl-commits
mailing list