[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Wed Mar 2 21:22:27 UTC 2016
The branch master has been updated
via c748c1147623beaf8ea3a33d5c4b1535f74baa16 (commit)
via 7d04be79dbd4cf47d2b079057f272b34c2256e8f (commit)
via 2ff9e7432d32c454ccc6c6b67442662baa335557 (commit)
via 23a9808c4c617ea48cdb7d0b0d9fdbcd107411ed (commit)
via 4e8cb45c095aaf9317bc62b7787af66217663a48 (commit)
via cd8e4decf79985ffe586c4ccdd35e897f3ac703a (commit)
via 99119000add47e4d1d9241f4e76f57d98439a766 (commit)
from e9b1c42f753fcb90eee70a12b0ac832951d7ac0b (commit)
- Log -----------------------------------------------------------------
commit c748c1147623beaf8ea3a33d5c4b1535f74baa16
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Mar 1 22:15:02 2016 +0000
make update
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 7d04be79dbd4cf47d2b079057f272b34c2256e8f
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Mar 1 18:04:42 2016 +0000
Generalise KDF test in evp_test.c
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 2ff9e7432d32c454ccc6c6b67442662baa335557
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Mar 1 16:22:25 2016 +0000
Convert PRF tests to use Ctrl
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 23a9808c4c617ea48cdb7d0b0d9fdbcd107411ed
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Mar 1 15:08:18 2016 +0000
Add Ctrl keyword to KDF test in evp_test
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 4e8cb45c095aaf9317bc62b7787af66217663a48
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Mar 1 14:58:33 2016 +0000
Add string ctrl operations to TLS1 PRF, update documentation.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit cd8e4decf79985ffe586c4ccdd35e897f3ac703a
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Mar 1 14:56:02 2016 +0000
Use utility functions for HMAC and CMAC.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 99119000add47e4d1d9241f4e76f57d98439a766
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Mar 1 14:47:15 2016 +0000
EVP_PKEY_CTX utility functions.
Utility functions to pass a string or hex string to EVP_PKEY_CTX_ctrl().
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/cmac/cm_pmeth.c | 19 ++++------------
crypto/evp/pmeth_lib.c | 29 ++++++++++++++++++++++++
crypto/hmac/hm_pmeth.c | 19 ++++------------
crypto/kdf/tls1_prf.c | 27 +++++++++++++++++++++-
doc/crypto/EVP_PKEY_TLS1_PRF.pod | 11 ++++++++-
include/openssl/evp.h | 3 +++
test/evp_test.c | 33 +++------------------------
test/evptests.txt | 48 ++++++++++++++++++++--------------------
util/libeay.num | 2 ++
9 files changed, 105 insertions(+), 86 deletions(-)
diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c
index 4e060f3..f00a32e 100644
--- a/crypto/cmac/cm_pmeth.c
+++ b/crypto/cmac/cm_pmeth.c
@@ -157,10 +157,6 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_CTX *ctx,
if (!value) {
return 0;
}
- if (strcmp(type, "key") == 0) {
- void *p = (void *)value;
- return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, strlen(p), p);
- }
if (strcmp(type, "cipher") == 0) {
const EVP_CIPHER *c;
c = EVP_get_cipherbyname(value);
@@ -168,17 +164,10 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_CTX *ctx,
return 0;
return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_CIPHER, -1, (void *)c);
}
- if (strcmp(type, "hexkey") == 0) {
- unsigned char *key;
- int r;
- long keylen;
- key = string_to_hex(value, &keylen);
- if (!key)
- return 0;
- r = pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
- OPENSSL_free(key);
- return r;
- }
+ if (strcmp(type, "key") == 0)
+ return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+ if (strcmp(type, "hexkey") == 0)
+ return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
return -2;
}
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 72baaa9..44a6a05 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -63,8 +63,10 @@
# include <openssl/engine.h>
#endif
#include <openssl/evp.h>
+#include <openssl/x509v3.h>
#include "internal/asn1_int.h"
#include "internal/evp_int.h"
+#include "internal/numbers.h"
typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
@@ -381,6 +383,33 @@ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
return ctx->pmeth->ctrl_str(ctx, name, value);
}
+/* Utility functions to send a string of hex string to a ctrl */
+
+int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str)
+{
+ size_t len;
+
+ len = strlen(str);
+ if (len > INT_MAX)
+ return -1;
+ return ctx->pmeth->ctrl(ctx, cmd, len, (void *)str);
+}
+
+int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex)
+{
+ unsigned char *bin;
+ long binlen;
+ int rv = -1;
+
+ bin = string_to_hex(hex, &binlen);
+ if (bin == NULL)
+ return 0;
+ if (binlen <= INT_MAX)
+ rv = ctx->pmeth->ctrl(ctx, cmd, binlen, bin);
+ OPENSSL_free(bin);
+ return rv;
+}
+
int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx)
{
return ctx->operation;
diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c
index 41013bc..268b48d 100644
--- a/crypto/hmac/hm_pmeth.c
+++ b/crypto/hmac/hm_pmeth.c
@@ -206,21 +206,10 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
if (!value) {
return 0;
}
- if (strcmp(type, "key") == 0) {
- void *p = (void *)value;
- return pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p);
- }
- if (strcmp(type, "hexkey") == 0) {
- unsigned char *key;
- int r;
- long keylen;
- key = string_to_hex(value, &keylen);
- if (!key)
- return 0;
- r = pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
- OPENSSL_free(key);
- return r;
- }
+ if (strcmp(type, "key") == 0)
+ return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+ if (strcmp(type, "hexkey") == 0)
+ return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
return -2;
}
diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c
index 374c6e4..1302eb0 100644
--- a/crypto/kdf/tls1_prf.c
+++ b/crypto/kdf/tls1_prf.c
@@ -138,6 +138,31 @@ static int pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
}
}
+static int pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx,
+ const char *type, const char *value)
+{
+ if (value == NULL)
+ return 0;
+ if (strcmp(type, "md") == 0) {
+ TLS1_PRF_PKEY_CTX *kctx = ctx->data;
+
+ const EVP_MD *md = EVP_get_digestbyname(value);
+ if (md == NULL)
+ return 0;
+ kctx->md = md;
+ return 1;
+ }
+ if (strcmp(type, "secret") == 0)
+ return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
+ if (strcmp(type, "hexsecret") == 0)
+ return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
+ if (strcmp(type, "seed") == 0)
+ return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
+ if (strcmp(type, "hexseed") == 0)
+ return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
+ return -2;
+}
+
static int pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen)
{
@@ -176,7 +201,7 @@ const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
0,
pkey_tls1_prf_derive,
pkey_tls1_prf_ctrl,
- 0
+ pkey_tls1_prf_ctrl_str
};
static int tls1_prf_P_hash(const EVP_MD *md,
diff --git a/doc/crypto/EVP_PKEY_TLS1_PRF.pod b/doc/crypto/EVP_PKEY_TLS1_PRF.pod
index 8e9ff5a..e2a695d 100644
--- a/doc/crypto/EVP_PKEY_TLS1_PRF.pod
+++ b/doc/crypto/EVP_PKEY_TLS1_PRF.pod
@@ -33,6 +33,14 @@ and any seed is reset.
EVP_PKEY_CTX_add1_tls1_prf_seed() sets the seed to B<seedlen> bytes of B<seed>.
If a seed is already set it is appended to the existing value.
+=head1 STRING CTRLS
+
+The TLS PRF also supports string based control operations using
+EVP_PKEY_CTX_ctrl_str(). The B<type> parameters "secret" and "seed" use
+the supplied B<value> parameter as a secret or seed value. The names
+"hexsecret" and "hexseed" are similar except they take a hex string which
+is converted to binary.
+
=head1 NOTES
All these functions are implemented as macros.
@@ -82,6 +90,7 @@ and seed value "seed":
=head1 SEE ALSO
L<EVP_PKEY_CTX_new(3)>,
-L<EVP_PKEY_derive(3)>,
+L<EVP_PKEY_CTX_ctrl(3)>,
+L<EVP_PKEY_derive(3)>
=cut
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index d71429e..44ca1f3 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1224,6 +1224,9 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
const char *value);
+int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str);
+int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex);
+
int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx);
void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
diff --git a/test/evp_test.c b/test/evp_test.c
index 6bc3a8a..bda7f69 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1739,9 +1739,7 @@ static const struct evp_test_method encode_test_method = {
encode_test_run,
};
-/*
- * KDF operations: initially just TLS1 PRF but can be adapted.
- */
+/* KDF operations */
struct kdf_data {
/* Context for this operation */
@@ -1780,39 +1778,14 @@ static void kdf_test_cleanup(struct evp_test *t)
EVP_PKEY_CTX_free(kdata->ctx);
}
-static int kdf_ctrl(EVP_PKEY_CTX *ctx, int op, const char *value)
-{
- unsigned char *buf = NULL;
- size_t buf_len;
- int rv = 0;
- if (test_bin(value, &buf, &buf_len) == 0)
- return 0;
- if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, op, buf_len, buf) <= 0)
- goto err;
- rv = 1;
- err:
- OPENSSL_free(buf);
- return rv;
-}
-
static int kdf_test_parse(struct evp_test *t,
const char *keyword, const char *value)
{
struct kdf_data *kdata = t->data;
if (strcmp(keyword, "Output") == 0)
return test_bin(value, &kdata->output, &kdata->output_len);
- else if (strcmp(keyword, "MD") == 0) {
- const EVP_MD *md = EVP_get_digestbyname(value);
- if (md == NULL)
- return 0;
- if (EVP_PKEY_CTX_set_tls1_prf_md(kdata->ctx, md) <= 0)
- return 0;
- return 1;
- } else if (strcmp(keyword, "Secret") == 0) {
- return kdf_ctrl(kdata->ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
- } else if (strncmp("Seed", keyword, 4) == 0) {
- return kdf_ctrl(kdata->ctx, EVP_PKEY_CTRL_TLS_SEED, value);
- }
+ if (strncmp(keyword, "Ctrl", 4) == 0)
+ return pkey_test_ctrl(kdata->ctx, value);
return 0;
}
diff --git a/test/evptests.txt b/test/evptests.txt
index 4c83163..b041344 100644
--- a/test/evptests.txt
+++ b/test/evptests.txt
@@ -2974,48 +2974,48 @@ Ciphertext = 64a0861575861af460f062c79be643bd5e805cfd345cf389f108670ac76c8cb24c6
# TLS1 PRF tests, from NIST test vectors
KDF=TLS1-PRF
-MD=MD5-SHA1
-Secret = bded7fa5c1699c010be23dd06ada3a48349f21e5f86263d512c0c5cc379f0e780ec55d9844b2f1db02a96453513568d0
-Seed.label = "master secret"
-Seed.client_random = e5acaf549cd25c22d964c0d930fa4b5261d2507fad84c33715b7b9a864020693
-Seed.server_random = 135e4d557fdf3aa6406d82975d5c606a9734c9334b42136e96990fbd5358cdb2
+Ctrl.md = md:MD5-SHA1
+Ctrl.Secret = hexsecret:bded7fa5c1699c010be23dd06ada3a48349f21e5f86263d512c0c5cc379f0e780ec55d9844b2f1db02a96453513568d0
+Ctrl.label = seed:master secret
+Ctrl.client_random = hexseed:e5acaf549cd25c22d964c0d930fa4b5261d2507fad84c33715b7b9a864020693
+Ctrl.server_random = hexseed:135e4d557fdf3aa6406d82975d5c606a9734c9334b42136e96990fbd5358cdb2
Output = 2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62
KDF=TLS1-PRF
-MD=MD5-SHA1
-Secret = 2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62
-Seed.label = "key expansion"
-Seed.server_random = 67267e650eb32444119d222a368c191af3082888dc35afe8368e638c828874be
-Seed.client_random = d58a7b1cd4fedaa232159df652ce188f9d997e061b9bf48e83b62990440931f6
+Ctrl.md = md:MD5-SHA1
+Ctrl.Secret = hexsecret:2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62
+Ctrl.label = seed:key expansion
+Ctrl.server_random = hexseed:67267e650eb32444119d222a368c191af3082888dc35afe8368e638c828874be
+Ctrl.client_random = hexseed:d58a7b1cd4fedaa232159df652ce188f9d997e061b9bf48e83b62990440931f6
Output = 3088825988e77fce68d19f756e18e43eb7fe672433504feaf99b3c503d9091b164f166db301d70c9fc0870b4a94563907bee1a61fb786cb717576890bcc51cb9ead97e01d0a2fea99c953377b195205ff07b369589178796edc963fd80fdbe518a2fc1c35c18ae8d
KDF=TLS1-PRF
-MD=SHA256
-Secret = f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
-Seed.label = "master secret"
-Seed.client_random = 36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
-Seed.server_random = f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Ctrl.md = md:SHA256
+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
+Ctrl.label = seed:master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
KDF=TLS1-PRF
-MD=SHA256
-Secret = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
-Seed.label = "key expansion"
-Seed.server_random = ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868
-Seed.client_random = 62e1fd91f23f558a605f28478c58cf72637b89784d959df7e946d3f07bd1b616
+Ctrl.md = md:SHA256
+Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
+Ctrl.label = seed:key expansion
+Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868
+Ctrl.client_random = hexseed:62e1fd91f23f558a605f28478c58cf72637b89784d959df7e946d3f07bd1b616
Output = d06139889fffac1e3a71865f504aa5d0d2a2e89506c6f2279b670c3e1b74f531016a2530c51a3a0f7e1d6590d0f0566b2f387f8d11fd4f731cdd572d2eae927f6f2f81410b25e6960be68985add6c38445ad9f8c64bf8068bf9a6679485d966f1ad6f68b43495b10a683755ea2b858d70ccac7ec8b053c6bd41ca299d4e51928
# Missing digest.
KDF=TLS1-PRF
-Secret = 01
-Seed = 02
+Ctrl.Secret = hexsecret:01
+Ctrl.Seed = hexseed:02
Output = 03
Result = KDF_DERIVE_ERROR
# Missing secret.
KDF=TLS1-PRF
-MD=MD5-SHA1
-Seed = 02
+Ctrl.md = md:MD5-SHA1
+Ctrl.Seed = hexseed:02
Output = 03
Result = KDF_DERIVE_ERROR
diff --git a/util/libeay.num b/util/libeay.num
index d49fd74..3033574 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -4801,3 +4801,5 @@ CT_POLICY_EVAL_CTX_set0_cert 5304 1_1_0 EXIST::FUNCTION:
CT_POLICY_EVAL_CTX_get0_log_store 5305 1_1_0 EXIST::FUNCTION:
CT_POLICY_EVAL_CTX_free 5306 1_1_0 EXIST::FUNCTION:
CT_verify_no_bad_scts 5307 1_1_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_hex2ctrl 5308 1_1_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_str2ctrl 5309 1_1_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list