[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Wed Mar 2 20:50:59 UTC 2016


The branch master has been updated
       via  e9b1c42f753fcb90eee70a12b0ac832951d7ac0b (commit)
       via  e2285d878d28f55bffc731a34389a2ea91de779f (commit)
      from  2ad9ef06a6aadeeb78a05ce18ace0ea5f300401b (commit)


- Log -----------------------------------------------------------------
commit e9b1c42f753fcb90eee70a12b0ac832951d7ac0b
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Mar 1 19:16:21 2016 +0000

    make errors
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit e2285d878d28f55bffc731a34389a2ea91de779f
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Mon Feb 29 14:12:11 2016 +0000

    Handle KDF internally.
    
    Handle KDF in ECDH_compute_key instead of requiring each implementation
    support it. This modifies the compute_key method: now it allocates and
    populates a buffer containing the shared secret.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/ec/ec_25519.c  | 21 ++++++---------------
 crypto/ec/ec_err.c    |  1 +
 crypto/ec/ec_kmeth.c  | 46 ++++++++++++++++++++++++++++------------------
 crypto/ec/ec_lcl.h    | 25 ++++++++-----------------
 crypto/ec/ecdh_ossl.c | 44 ++++++++++++--------------------------------
 include/openssl/ec.h  | 21 +++++++--------------
 6 files changed, 62 insertions(+), 96 deletions(-)

diff --git a/crypto/ec/ec_25519.c b/crypto/ec/ec_25519.c
index 3e6609a..3acb275 100644
--- a/crypto/ec/ec_25519.c
+++ b/crypto/ec/ec_25519.c
@@ -293,10 +293,8 @@ static int x25519_point_cmp(const EC_GROUP *group, const EC_POINT *a,
     return 1;
 }
 
-static int x25519_compute_key(void *out, size_t outlen,
-                              const EC_POINT *pub_key, const EC_KEY *ecdh,
-                              void *(*KDF) (const void *in, size_t inlen,
-                                            void *out, size_t *outlen))
+static int x25519_compute_key(unsigned char **psec, size_t *pseclen,
+                              const EC_POINT *pub_key, const EC_KEY *ecdh)
 {
     unsigned char *key;
     int ret = -1;
@@ -304,19 +302,12 @@ static int x25519_compute_key(void *out, size_t outlen,
         return -1;
     key = OPENSSL_malloc(EC_X25519_KEYLEN);
     if (key == NULL)
-        return -1;
+        return 0;
     if (X25519(key, ecdh->custom_data, pub_key->custom_data) == 0)
         goto err;
-    if (KDF) {
-        if (KDF(key, EC_X25519_KEYLEN, out, &outlen) == NULL)
-            goto err;
-        ret = outlen;
-    } else {
-        if (outlen > EC_X25519_KEYLEN)
-            outlen = EC_X25519_KEYLEN;
-        memcpy(out, key, outlen);
-        ret = outlen;
-    }
+    *psec = key;
+    *pseclen = EC_X25519_KEYLEN;
+    return 1;
 
  err:
     OPENSSL_clear_free(key, EC_X25519_KEYLEN);
diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c
index 8508c11..b1af918 100644
--- a/crypto/ec/ec_err.c
+++ b/crypto/ec/ec_err.c
@@ -305,6 +305,7 @@ static ERR_STRING_DATA EC_str_reasons[] = {
     {ERR_REASON(EC_R_INVALID_FIELD), "invalid field"},
     {ERR_REASON(EC_R_INVALID_FORM), "invalid form"},
     {ERR_REASON(EC_R_INVALID_GROUP_ORDER), "invalid group order"},
+    {ERR_REASON(EC_R_INVALID_OUTPUT_LENGTH), "invalid output length"},
     {ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS), "invalid pentanomial basis"},
     {ERR_REASON(EC_R_INVALID_PRIVATE_KEY), "invalid private key"},
     {ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS), "invalid trinomial basis"},
diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c
index 1a15877..fad74bf 100644
--- a/crypto/ec/ec_kmeth.c
+++ b/crypto/ec/ec_kmeth.c
@@ -51,6 +51,7 @@
  * ====================================================================
  */
 
+#include <string.h>
 #include <openssl/ec.h>
 #ifndef OPENSSL_NO_ENGINE
 # include <openssl/engine.h>
@@ -165,10 +166,27 @@ int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
                      void *(*KDF) (const void *in, size_t inlen, void *out,
                                    size_t *outlen))
 {
-    if (eckey->meth->compute_key != NULL)
-        return eckey->meth->compute_key(out, outlen, pub_key, eckey, KDF);
-    ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
-    return 0;
+    unsigned char *sec = NULL;
+    size_t seclen;
+    if (eckey->meth->compute_key == NULL) {
+        ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
+        return 0;
+    }
+    if (outlen > INT_MAX) {
+        ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_INVALID_OUTPUT_LENGTH);
+        return 0;
+    }
+    if (!eckey->meth->compute_key(&sec, &seclen, pub_key, eckey))
+        return 0;
+    if (KDF != NULL) {
+        KDF(sec, seclen, out, &outlen);
+    } else {
+        if (outlen > seclen)
+            outlen = seclen;
+        memcpy(out, sec, outlen);
+    }
+    OPENSSL_clear_free(sec, seclen);
+    return outlen;
 }
 
 EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth)
@@ -214,14 +232,10 @@ void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
 }
 
 void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth,
-                                   int (*ckey)(void *out,
-                                               size_t outlen,
+                                   int (*ckey)(unsigned char **psec,
+                                               size_t *pseclen,
                                                const EC_POINT *pub_key,
-                                               const EC_KEY *ecdh,
-                                               void *(*KDF) (const void *in,
-                                                             size_t inlen,
-                                                             void *out,
-                                                             size_t *outlen)))
+                                               const EC_KEY *ecdh))
 {
     meth->compute_key = ckey;
 }
@@ -292,14 +306,10 @@ void EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth,
 }
 
 void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth,
-                                   int (**pck)(void *out,
-                                               size_t outlen,
+                                   int (**pck)(unsigned char **pout,
+                                               size_t *poutlen,
                                                const EC_POINT *pub_key,
-                                               const EC_KEY *ecdh,
-                                               void *(*KDF) (const void *in,
-                                                             size_t inlen,
-                                                             void *out,
-                                                             size_t *outlen)))
+                                               const EC_KEY *ecdh))
 {
     if (pck != NULL)
         *pck = meth->compute_key;
diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h
index d5d2bfd..e085f76 100644
--- a/crypto/ec/ec_lcl.h
+++ b/crypto/ec/ec_lcl.h
@@ -212,10 +212,8 @@ struct ec_method_st {
     int (*keycopy)(EC_KEY *dst, const EC_KEY *src);
     void (*keyfinish)(EC_KEY *eckey);
     /* custom ECDH operation */
-    int (*ecdh_compute_key)(void *out, size_t outlen, const EC_POINT *pub_key,
-                            const EC_KEY *ecdh,
-                            void *(*KDF) (const void *in, size_t inlen,
-                                          void *out, size_t *outlen));
+    int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen,
+                            const EC_POINT *pub_key, const EC_KEY *ecdh);
 } /* EC_METHOD */ ;
 
 /*
@@ -616,11 +614,8 @@ struct ec_key_method_st {
     int (*set_private)(EC_KEY *key, const BIGNUM *priv_key);
     int (*set_public)(EC_KEY *key, const EC_POINT *pub_key);
     int (*keygen)(EC_KEY *key);
-    int (*compute_key)(void *out, size_t outlen, const EC_POINT *pub_key,
-                       const EC_KEY *ecdh,
-                       void *(*KDF) (const void *in, size_t inlen,
-                                     void *out, size_t *outlen));
-
+    int (*compute_key)(unsigned char **pout, size_t *poutlen,
+                       const EC_POINT *pub_key, const EC_KEY *ecdh);
     int (*sign)(int type, const unsigned char *dgst, int dlen, unsigned char
                 *sig, unsigned int *siglen, const BIGNUM *kinv,
                 const BIGNUM *r, EC_KEY *eckey);
@@ -639,14 +634,10 @@ struct ec_key_method_st {
 #define EC_KEY_METHOD_DYNAMIC   1
 
 int ossl_ec_key_gen(EC_KEY *eckey);
-int ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
-                          const EC_KEY *ecdh,
-                          void *(*KDF) (const void *in, size_t inlen,
-                                        void *out, size_t *outlen));
-int ecdh_simple_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
-                            const EC_KEY *ecdh,
-                            void *(*KDF) (const void *in, size_t inlen,
-                                          void *out, size_t *outlen));
+int ossl_ecdh_compute_key(unsigned char **pout, size_t *poutlen,
+                          const EC_POINT *pub_key, const EC_KEY *ecdh);
+int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,
+                            const EC_POINT *pub_key, const EC_KEY *ecdh);
 
 struct ECDSA_SIG_st {
     BIGNUM *r;
diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c
index 2761537..d1bebc4 100644
--- a/crypto/ec/ecdh_ossl.c
+++ b/crypto/ec/ecdh_ossl.c
@@ -77,46 +77,34 @@
 #include <openssl/ec.h>
 #include "ec_lcl.h"
 
-int ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
-                          const EC_KEY *ecdh,
-                          void *(*KDF) (const void *in, size_t inlen,
-                                        void *out, size_t *outlen))
+int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen,
+                          const EC_POINT *pub_key, const EC_KEY *ecdh)
 {
     if (ecdh->group->meth->ecdh_compute_key == NULL) {
         ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH);
         return -1;
     }
 
-    return ecdh->group->meth->ecdh_compute_key(out, outlen, pub_key, ecdh,
-                                               KDF);
+    return ecdh->group->meth->ecdh_compute_key(psec, pseclen, pub_key, ecdh);
 }
 
 /*-
  * This implementation is based on the following primitives in the IEEE 1363 standard:
  *  - ECKAS-DH1
  *  - ECSVDP-DH
- * Finally an optional KDF is applied.
  */
-int ecdh_simple_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
-                            const EC_KEY *ecdh,
-                            void *(*KDF) (const void *in, size_t inlen,
-                                          void *out, size_t *outlen))
+int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,
+                            const EC_POINT *pub_key, const EC_KEY *ecdh)
 {
     BN_CTX *ctx;
     EC_POINT *tmp = NULL;
     BIGNUM *x = NULL, *y = NULL;
     const BIGNUM *priv_key;
     const EC_GROUP *group;
-    int ret = -1;
+    int ret = 0;
     size_t buflen, len;
     unsigned char *buf = NULL;
 
-    if (outlen > INT_MAX) {
-        /* sort of, anyway */
-        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
-        return -1;
-    }
-
     if ((ctx = BN_CTX_new()) == NULL)
         goto err;
     BN_CTX_start(ctx);
@@ -183,19 +171,11 @@ int ecdh_simple_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
         goto err;
     }
 
-    if (KDF != 0) {
-        if (KDF(buf, buflen, out, &outlen) == NULL) {
-            ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_KDF_FAILED);
-            goto err;
-        }
-        ret = outlen;
-    } else {
-        /* no KDF, just copy as much as we can */
-        if (outlen > buflen)
-            outlen = buflen;
-        memcpy(out, buf, outlen);
-        ret = outlen;
-    }
+    *pout = buf;
+    *poutlen = buflen;
+    buf = NULL;
+
+    ret = 1;
 
  err:
     EC_POINT_free(tmp);
@@ -203,5 +183,5 @@ int ecdh_simple_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
         BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     OPENSSL_free(buf);
-    return (ret);
+    return ret;
 }
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index f0d648e..0fb8ce9 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -1231,14 +1231,10 @@ void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
                               int (*keygen)(EC_KEY *key));
 
 void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth,
-                                   int (*ckey)(void *out,
-                                               size_t outlen,
+                                   int (*ckey)(unsigned char **psec,
+                                               size_t *pseclen,
                                                const EC_POINT *pub_key,
-                                               const EC_KEY *ecdh,
-                                               void *(*KDF) (const void *in,
-                                                             size_t inlen,
-                                                             void *out,
-                                                             size_t *outlen)));
+                                               const EC_KEY *ecdh));
 
 void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
                             int (*sign)(int type, const unsigned char *dgst,
@@ -1279,14 +1275,10 @@ void EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth,
                               int (**pkeygen)(EC_KEY *key));
 
 void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth,
-                                   int (**pck)(void *out,
-                                               size_t outlen,
+                                   int (**pck)(unsigned char **psec,
+                                               size_t *pseclen,
                                                const EC_POINT *pub_key,
-                                               const EC_KEY *ecdh,
-                                               void *(*KDF) (const void *in,
-                                                             size_t inlen,
-                                                             void *out,
-                                                             size_t *outlen)));
+                                               const EC_KEY *ecdh));
 
 void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth,
                             int (**psign)(int type, const unsigned char *dgst,
@@ -1594,6 +1586,7 @@ void ERR_load_EC_strings(void);
 # define EC_R_INVALID_FIELD                               103
 # define EC_R_INVALID_FORM                                104
 # define EC_R_INVALID_GROUP_ORDER                         122
+# define EC_R_INVALID_OUTPUT_LENGTH                       161
 # define EC_R_INVALID_PENTANOMIAL_BASIS                   132
 # define EC_R_INVALID_PRIVATE_KEY                         123
 # define EC_R_INVALID_TRINOMIAL_BASIS                     137


More information about the openssl-commits mailing list