[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Sat Jan 30 16:04:29 UTC 2016
The branch master has been updated
via 4ddd5aceccee47f5d530b4741b02c839cefc9001 (commit)
via 404cc933b70d9662d23e80609be7a5604f443029 (commit)
via d4ad48d7bd92447a2da960bf3567045992c63059 (commit)
via bc9d9ce27a0c4d525e9c4e145993756fe3a7da23 (commit)
via 7ab507495b86371756575d606af556b4fd74e27a (commit)
from 33254e1c6fa6a1acf28fd0d9b6dc4ee30e569b95 (commit)
- Log -----------------------------------------------------------------
commit 4ddd5aceccee47f5d530b4741b02c839cefc9001
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Jan 30 13:17:09 2016 +0000
handle "Ctrl" in separate function
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
commit 404cc933b70d9662d23e80609be7a5604f443029
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Jan 30 03:34:39 2016 +0000
Add test data for ECDH
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
commit d4ad48d7bd92447a2da960bf3567045992c63059
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Fri Jan 29 14:58:36 2016 +0000
Add support for EVP_PKEY_derive in evp_test
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
commit bc9d9ce27a0c4d525e9c4e145993756fe3a7da23
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Fri Jan 29 15:12:16 2016 +0000
fix warning
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
commit 7ab507495b86371756575d606af556b4fd74e27a
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Jan 30 02:51:01 2016 +0000
Add function to return internal enoding of X509_NAME.
PR#4280
Reviewed-by: Tim Hudson <tjh at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x_name.c | 13 +++++++
doc/crypto/d2i_X509_NAME.pod | 26 ++++++++++---
include/openssl/x509.h | 3 ++
test/evp_test.c | 93 ++++++++++++++++++++++++++++++++++++++++----
test/evptests.txt | 25 ++++++++++++
util/libeay.num | 1 +
6 files changed, 147 insertions(+), 14 deletions(-)
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
index 9cc855a..9133e3c 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -567,3 +567,16 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
OPENSSL_free(b);
return 0;
}
+
+int X509_NAME_get0_der(const unsigned char **pder, size_t *pderlen,
+ X509_NAME *nm)
+{
+ /* Make sure encoding is valid */
+ if (i2d_X509_NAME(nm, NULL) <= 0)
+ return 0;
+ if (pder != NULL)
+ *pder = (unsigned char *)nm->bytes->data;
+ if (pderlen != NULL)
+ *pderlen = nm->bytes->length;
+ return 1;
+}
diff --git a/doc/crypto/d2i_X509_NAME.pod b/doc/crypto/d2i_X509_NAME.pod
index ca52f53..d1d32df 100644
--- a/doc/crypto/d2i_X509_NAME.pod
+++ b/doc/crypto/d2i_X509_NAME.pod
@@ -11,21 +11,35 @@ d2i_X509_NAME, i2d_X509_NAME - X509_NAME encoding functions
X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length);
int i2d_X509_NAME(X509_NAME *a, unsigned char **pp);
+ int X509_NAME_get0_der(const unsigned char **pder, size_t *pderlen,
+ X509_NAME *nm)
+
+
=head1 DESCRIPTION
-These functions decode and encode an B<X509_NAME> structure which is the
-same as the B<Name> type defined in RFC2459 (and elsewhere) and used
-for example in certificate subject and issuer names.
+The functions d2i_X509_NAME() and i2d_X509_NAME() decode and encode an
+B<X509_NAME> structure which is the same as the B<Name> type defined in
+RFC3280 (and elsewhere) and used for example in certificate subject and
+issuer names.
Otherwise the functions behave in a similar way to d2i_X509() and i2d_X509()
described in the L<d2i_X509(3)> manual page.
+The function X509_NAME_get0_der() returns an internal pointer to the
+encoding of an B<X509_NAME> structure in B<*pder> and consisting of
+B<*pderlen> bytes. It is useful for applications that wish to examine
+the encoding of an B<X509_NAME> structure without copying it.
+
+=head1 RETURN VALUES
+
=head1 SEE ALSO
-L<d2i_X509(3)>
+The meanings of the return values of d2i_X509_NAME() and i2d_X509_NAME()
+are similar to those for d2i_X509() and i2d_X509().
-=head1 HISTORY
+The function X509_NAME_get0_der() returns 1 for success and 0 if an error
+occurred.
-TBA
+L<d2i_X509(3)>
=cut
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 7581bb4..31f784d 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -873,6 +873,9 @@ ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);
+int X509_NAME_get0_der(const unsigned char **pder, size_t *pderlen,
+ X509_NAME *nm);
+
int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
int nid, int lastpos);
diff --git a/test/evp_test.c b/test/evp_test.c
index 326ed0d..6c9f4b8 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -169,6 +169,8 @@ static unsigned char* unescape(const char *input, size_t input_len,
static int test_bin(const char *value, unsigned char **buf, size_t *buflen)
{
long len;
+
+ *buflen = 0;
if (!*value) {
/*
* Don't return NULL for zero length buffer.
@@ -291,6 +293,7 @@ static const struct evp_test_method mac_test_method;
static const struct evp_test_method psign_test_method, pverify_test_method;
static const struct evp_test_method pdecrypt_test_method;
static const struct evp_test_method pverify_recover_test_method;
+static const struct evp_test_method pderive_test_method;
static const struct evp_test_method pbe_test_method;
static const struct evp_test_method encode_test_method;
static const struct evp_test_method kdf_test_method;
@@ -303,6 +306,7 @@ static const struct evp_test_method *evp_test_list[] = {
&pverify_test_method,
&pdecrypt_test_method,
&pverify_recover_test_method,
+ &pderive_test_method,
&pbe_test_method,
&encode_test_method,
&kdf_test_method,
@@ -1224,6 +1228,22 @@ static void pkey_test_cleanup(struct evp_test *t)
EVP_PKEY_CTX_free(kdata->ctx);
}
+static int pkey_test_ctrl(EVP_PKEY_CTX *pctx, const char *value)
+{
+ int rv;
+ char *p, *tmpval;
+
+ tmpval = OPENSSL_strdup(value);
+ if (tmpval == NULL)
+ return 0;
+ p = strchr(tmpval, ':');
+ if (p != NULL)
+ *p++ = 0;
+ rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
+ OPENSSL_free(tmpval);
+ return rv > 0;
+}
+
static int pkey_test_parse(struct evp_test *t,
const char *keyword, const char *value)
{
@@ -1232,14 +1252,8 @@ static int pkey_test_parse(struct evp_test *t,
return test_bin(value, &kdata->input, &kdata->input_len);
if (strcmp(keyword, "Output") == 0)
return test_bin(value, &kdata->output, &kdata->output_len);
- if (strcmp(keyword, "Ctrl") == 0) {
- char *p = strchr(value, ':');
- if (p)
- *p++ = 0;
- if (EVP_PKEY_CTX_ctrl_str(kdata->ctx, value, p) <= 0)
- return 0;
- return 1;
- }
+ if (strcmp(keyword, "Ctrl") == 0)
+ return pkey_test_ctrl(kdata->ctx, value);
return 0;
}
@@ -1337,6 +1351,69 @@ static const struct evp_test_method pverify_test_method = {
verify_test_run
};
+
+static int pderive_test_init(struct evp_test *t, const char *name)
+{
+ return pkey_test_init(t, name, 0, EVP_PKEY_derive_init, 0);
+}
+
+static int pderive_test_parse(struct evp_test *t,
+ const char *keyword, const char *value)
+{
+ struct pkey_data *kdata = t->data;
+
+ if (strcmp(keyword, "PeerKey") == 0) {
+ EVP_PKEY *peer;
+ if (find_key(&peer, value, t->public) == 0)
+ return 0;
+ if (EVP_PKEY_derive_set_peer(kdata->ctx, peer) <= 0)
+ return 0;
+ return 1;
+ }
+ if (strcmp(keyword, "SharedSecret") == 0)
+ return test_bin(value, &kdata->output, &kdata->output_len);
+ if (strcmp(keyword, "Ctrl") == 0)
+ return pkey_test_ctrl(kdata->ctx, value);
+ return 0;
+}
+
+static int pderive_test_run(struct evp_test *t)
+{
+ struct pkey_data *kdata = t->data;
+ unsigned char *out = NULL;
+ size_t out_len;
+ const char *err = "INTERNAL_ERROR";
+
+ out_len = kdata->output_len;
+ out = OPENSSL_malloc(out_len);
+ if (!out) {
+ fprintf(stderr, "Error allocating output buffer!\n");
+ exit(1);
+ }
+ err = "DERIVE_ERROR";
+ if (EVP_PKEY_derive(kdata->ctx, out, &out_len) <= 0)
+ goto err;
+ err = "SHARED_SECRET_LENGTH_MISMATCH";
+ if (out_len != kdata->output_len)
+ goto err;
+ err = "SHARED_SECRET_MISMATCH";
+ if (check_output(t, kdata->output, out, out_len))
+ goto err;
+ err = NULL;
+ err:
+ OPENSSL_free(out);
+ t->err = err;
+ return 1;
+}
+
+static const struct evp_test_method pderive_test_method = {
+ "Derive",
+ pderive_test_init,
+ pkey_test_cleanup,
+ pderive_test_parse,
+ pderive_test_run
+};
+
/* PBE tests */
#define PBE_TYPE_SCRYPT 1
diff --git a/test/evptests.txt b/test/evptests.txt
index 83452b4..a7d29b8 100644
--- a/test/evptests.txt
+++ b/test/evptests.txt
@@ -2255,6 +2255,20 @@ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUPQpznDyFsJSz14GLOH2Oc1dFl
x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ==
-----END PUBLIC KEY-----
+# Additional EC key for ECDH
+PrivateKey=P-256-Peer
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIP1Ec7tUwzcFBVmd4nSyEgGaRGNL3ydqSwe3/l548pdjoAoGCCqGSM49
+AwEHoUQDQgAEIAbl4UoHiqc/uKYl5WElS78tDU/sCrmVlCNy6lFAldO8IPkSyzGP
+MjSvZI6nIGQ7P3Afm3reuJ0KvnTZ77acRg==
+-----END EC PRIVATE KEY-----
+
+PublicKey=P-256-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIAbl4UoHiqc/uKYl5WElS78tDU/s
+CrmVlCNy6lFAldO8IPkSyzGPMjSvZI6nIGQ7P3Afm3reuJ0KvnTZ77acRg==
+-----END PUBLIC KEY-----
+
# DSA key
PrivateKey=DSA-1024
@@ -2956,3 +2970,14 @@ MD=MD5-SHA1
Seed = 02
Output = 03
Result = KDF_DERIVE_ERROR
+
+
+# ECDH tests
+
+Derive=P-256
+PeerKey=P-256-Peer-PUBLIC
+SharedSecret=E3CC07DFBDDE76A1139811DB9FF5FAF9D17EF39944F1E77D1F6A208524BF7B1B
+
+Derive=P-256-Peer
+PeerKey=P-256-PUBLIC
+SharedSecret=E3CC07DFBDDE76A1139811DB9FF5FAF9D17EF39944F1E77D1F6A208524BF7B1B
diff --git a/util/libeay.num b/util/libeay.num
index 31f6a06..951add7 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -4765,3 +4765,4 @@ OCSP_resp_get0_produced_at 5159 1_1_0 EXIST::FUNCTION:
TS_STATUS_INFO_get0_failure_info 5160 1_1_0 EXIST::FUNCTION:
TS_STATUS_INFO_get0_text 5161 1_1_0 EXIST::FUNCTION:
CRYPTO_secure_zalloc 5162 1_1_0 EXIST::FUNCTION:
+X509_NAME_get0_der 5163 1_1_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list