[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Wed Mar 2 20:50:59 UTC 2016
The branch master has been updated
via e9b1c42f753fcb90eee70a12b0ac832951d7ac0b (commit)
via e2285d878d28f55bffc731a34389a2ea91de779f (commit)
from 2ad9ef06a6aadeeb78a05ce18ace0ea5f300401b (commit)
- Log -----------------------------------------------------------------
commit e9b1c42f753fcb90eee70a12b0ac832951d7ac0b
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Mar 1 19:16:21 2016 +0000
make errors
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit e2285d878d28f55bffc731a34389a2ea91de779f
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Mon Feb 29 14:12:11 2016 +0000
Handle KDF internally.
Handle KDF in ECDH_compute_key instead of requiring each implementation
support it. This modifies the compute_key method: now it allocates and
populates a buffer containing the shared secret.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/ec/ec_25519.c | 21 ++++++---------------
crypto/ec/ec_err.c | 1 +
crypto/ec/ec_kmeth.c | 46 ++++++++++++++++++++++++++++------------------
crypto/ec/ec_lcl.h | 25 ++++++++-----------------
crypto/ec/ecdh_ossl.c | 44 ++++++++++++--------------------------------
include/openssl/ec.h | 21 +++++++--------------
6 files changed, 62 insertions(+), 96 deletions(-)
diff --git a/crypto/ec/ec_25519.c b/crypto/ec/ec_25519.c
index 3e6609a..3acb275 100644
--- a/crypto/ec/ec_25519.c
+++ b/crypto/ec/ec_25519.c
@@ -293,10 +293,8 @@ static int x25519_point_cmp(const EC_GROUP *group, const EC_POINT *a,
return 1;
}
-static int x25519_compute_key(void *out, size_t outlen,
- const EC_POINT *pub_key, const EC_KEY *ecdh,
- void *(*KDF) (const void *in, size_t inlen,
- void *out, size_t *outlen))
+static int x25519_compute_key(unsigned char **psec, size_t *pseclen,
+ const EC_POINT *pub_key, const EC_KEY *ecdh)
{
unsigned char *key;
int ret = -1;
@@ -304,19 +302,12 @@ static int x25519_compute_key(void *out, size_t outlen,
return -1;
key = OPENSSL_malloc(EC_X25519_KEYLEN);
if (key == NULL)
- return -1;
+ return 0;
if (X25519(key, ecdh->custom_data, pub_key->custom_data) == 0)
goto err;
- if (KDF) {
- if (KDF(key, EC_X25519_KEYLEN, out, &outlen) == NULL)
- goto err;
- ret = outlen;
- } else {
- if (outlen > EC_X25519_KEYLEN)
- outlen = EC_X25519_KEYLEN;
- memcpy(out, key, outlen);
- ret = outlen;
- }
+ *psec = key;
+ *pseclen = EC_X25519_KEYLEN;
+ return 1;
err:
OPENSSL_clear_free(key, EC_X25519_KEYLEN);
diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c
index 8508c11..b1af918 100644
--- a/crypto/ec/ec_err.c
+++ b/crypto/ec/ec_err.c
@@ -305,6 +305,7 @@ static ERR_STRING_DATA EC_str_reasons[] = {
{ERR_REASON(EC_R_INVALID_FIELD), "invalid field"},
{ERR_REASON(EC_R_INVALID_FORM), "invalid form"},
{ERR_REASON(EC_R_INVALID_GROUP_ORDER), "invalid group order"},
+ {ERR_REASON(EC_R_INVALID_OUTPUT_LENGTH), "invalid output length"},
{ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS), "invalid pentanomial basis"},
{ERR_REASON(EC_R_INVALID_PRIVATE_KEY), "invalid private key"},
{ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS), "invalid trinomial basis"},
diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c
index 1a15877..fad74bf 100644
--- a/crypto/ec/ec_kmeth.c
+++ b/crypto/ec/ec_kmeth.c
@@ -51,6 +51,7 @@
* ====================================================================
*/
+#include <string.h>
#include <openssl/ec.h>
#ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h>
@@ -165,10 +166,27 @@ int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
void *(*KDF) (const void *in, size_t inlen, void *out,
size_t *outlen))
{
- if (eckey->meth->compute_key != NULL)
- return eckey->meth->compute_key(out, outlen, pub_key, eckey, KDF);
- ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
- return 0;
+ unsigned char *sec = NULL;
+ size_t seclen;
+ if (eckey->meth->compute_key == NULL) {
+ ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
+ return 0;
+ }
+ if (outlen > INT_MAX) {
+ ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_INVALID_OUTPUT_LENGTH);
+ return 0;
+ }
+ if (!eckey->meth->compute_key(&sec, &seclen, pub_key, eckey))
+ return 0;
+ if (KDF != NULL) {
+ KDF(sec, seclen, out, &outlen);
+ } else {
+ if (outlen > seclen)
+ outlen = seclen;
+ memcpy(out, sec, outlen);
+ }
+ OPENSSL_clear_free(sec, seclen);
+ return outlen;
}
EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth)
@@ -214,14 +232,10 @@ void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
}
void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth,
- int (*ckey)(void *out,
- size_t outlen,
+ int (*ckey)(unsigned char **psec,
+ size_t *pseclen,
const EC_POINT *pub_key,
- const EC_KEY *ecdh,
- void *(*KDF) (const void *in,
- size_t inlen,
- void *out,
- size_t *outlen)))
+ const EC_KEY *ecdh))
{
meth->compute_key = ckey;
}
@@ -292,14 +306,10 @@ void EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth,
}
void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth,
- int (**pck)(void *out,
- size_t outlen,
+ int (**pck)(unsigned char **pout,
+ size_t *poutlen,
const EC_POINT *pub_key,
- const EC_KEY *ecdh,
- void *(*KDF) (const void *in,
- size_t inlen,
- void *out,
- size_t *outlen)))
+ const EC_KEY *ecdh))
{
if (pck != NULL)
*pck = meth->compute_key;
diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h
index d5d2bfd..e085f76 100644
--- a/crypto/ec/ec_lcl.h
+++ b/crypto/ec/ec_lcl.h
@@ -212,10 +212,8 @@ struct ec_method_st {
int (*keycopy)(EC_KEY *dst, const EC_KEY *src);
void (*keyfinish)(EC_KEY *eckey);
/* custom ECDH operation */
- int (*ecdh_compute_key)(void *out, size_t outlen, const EC_POINT *pub_key,
- const EC_KEY *ecdh,
- void *(*KDF) (const void *in, size_t inlen,
- void *out, size_t *outlen));
+ int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen,
+ const EC_POINT *pub_key, const EC_KEY *ecdh);
} /* EC_METHOD */ ;
/*
@@ -616,11 +614,8 @@ struct ec_key_method_st {
int (*set_private)(EC_KEY *key, const BIGNUM *priv_key);
int (*set_public)(EC_KEY *key, const EC_POINT *pub_key);
int (*keygen)(EC_KEY *key);
- int (*compute_key)(void *out, size_t outlen, const EC_POINT *pub_key,
- const EC_KEY *ecdh,
- void *(*KDF) (const void *in, size_t inlen,
- void *out, size_t *outlen));
-
+ int (*compute_key)(unsigned char **pout, size_t *poutlen,
+ const EC_POINT *pub_key, const EC_KEY *ecdh);
int (*sign)(int type, const unsigned char *dgst, int dlen, unsigned char
*sig, unsigned int *siglen, const BIGNUM *kinv,
const BIGNUM *r, EC_KEY *eckey);
@@ -639,14 +634,10 @@ struct ec_key_method_st {
#define EC_KEY_METHOD_DYNAMIC 1
int ossl_ec_key_gen(EC_KEY *eckey);
-int ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
- const EC_KEY *ecdh,
- void *(*KDF) (const void *in, size_t inlen,
- void *out, size_t *outlen));
-int ecdh_simple_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
- const EC_KEY *ecdh,
- void *(*KDF) (const void *in, size_t inlen,
- void *out, size_t *outlen));
+int ossl_ecdh_compute_key(unsigned char **pout, size_t *poutlen,
+ const EC_POINT *pub_key, const EC_KEY *ecdh);
+int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,
+ const EC_POINT *pub_key, const EC_KEY *ecdh);
struct ECDSA_SIG_st {
BIGNUM *r;
diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c
index 2761537..d1bebc4 100644
--- a/crypto/ec/ecdh_ossl.c
+++ b/crypto/ec/ecdh_ossl.c
@@ -77,46 +77,34 @@
#include <openssl/ec.h>
#include "ec_lcl.h"
-int ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
- const EC_KEY *ecdh,
- void *(*KDF) (const void *in, size_t inlen,
- void *out, size_t *outlen))
+int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen,
+ const EC_POINT *pub_key, const EC_KEY *ecdh)
{
if (ecdh->group->meth->ecdh_compute_key == NULL) {
ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH);
return -1;
}
- return ecdh->group->meth->ecdh_compute_key(out, outlen, pub_key, ecdh,
- KDF);
+ return ecdh->group->meth->ecdh_compute_key(psec, pseclen, pub_key, ecdh);
}
/*-
* This implementation is based on the following primitives in the IEEE 1363 standard:
* - ECKAS-DH1
* - ECSVDP-DH
- * Finally an optional KDF is applied.
*/
-int ecdh_simple_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
- const EC_KEY *ecdh,
- void *(*KDF) (const void *in, size_t inlen,
- void *out, size_t *outlen))
+int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,
+ const EC_POINT *pub_key, const EC_KEY *ecdh)
{
BN_CTX *ctx;
EC_POINT *tmp = NULL;
BIGNUM *x = NULL, *y = NULL;
const BIGNUM *priv_key;
const EC_GROUP *group;
- int ret = -1;
+ int ret = 0;
size_t buflen, len;
unsigned char *buf = NULL;
- if (outlen > INT_MAX) {
- /* sort of, anyway */
- ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
- return -1;
- }
-
if ((ctx = BN_CTX_new()) == NULL)
goto err;
BN_CTX_start(ctx);
@@ -183,19 +171,11 @@ int ecdh_simple_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
goto err;
}
- if (KDF != 0) {
- if (KDF(buf, buflen, out, &outlen) == NULL) {
- ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_KDF_FAILED);
- goto err;
- }
- ret = outlen;
- } else {
- /* no KDF, just copy as much as we can */
- if (outlen > buflen)
- outlen = buflen;
- memcpy(out, buf, outlen);
- ret = outlen;
- }
+ *pout = buf;
+ *poutlen = buflen;
+ buf = NULL;
+
+ ret = 1;
err:
EC_POINT_free(tmp);
@@ -203,5 +183,5 @@ int ecdh_simple_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
BN_CTX_end(ctx);
BN_CTX_free(ctx);
OPENSSL_free(buf);
- return (ret);
+ return ret;
}
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index f0d648e..0fb8ce9 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -1231,14 +1231,10 @@ void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
int (*keygen)(EC_KEY *key));
void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth,
- int (*ckey)(void *out,
- size_t outlen,
+ int (*ckey)(unsigned char **psec,
+ size_t *pseclen,
const EC_POINT *pub_key,
- const EC_KEY *ecdh,
- void *(*KDF) (const void *in,
- size_t inlen,
- void *out,
- size_t *outlen)));
+ const EC_KEY *ecdh));
void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
int (*sign)(int type, const unsigned char *dgst,
@@ -1279,14 +1275,10 @@ void EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth,
int (**pkeygen)(EC_KEY *key));
void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth,
- int (**pck)(void *out,
- size_t outlen,
+ int (**pck)(unsigned char **psec,
+ size_t *pseclen,
const EC_POINT *pub_key,
- const EC_KEY *ecdh,
- void *(*KDF) (const void *in,
- size_t inlen,
- void *out,
- size_t *outlen)));
+ const EC_KEY *ecdh));
void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth,
int (**psign)(int type, const unsigned char *dgst,
@@ -1594,6 +1586,7 @@ void ERR_load_EC_strings(void);
# define EC_R_INVALID_FIELD 103
# define EC_R_INVALID_FORM 104
# define EC_R_INVALID_GROUP_ORDER 122
+# define EC_R_INVALID_OUTPUT_LENGTH 161
# define EC_R_INVALID_PENTANOMIAL_BASIS 132
# define EC_R_INVALID_PRIVATE_KEY 123
# define EC_R_INVALID_TRINOMIAL_BASIS 137
More information about the openssl-commits
mailing list