[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Thu Aug 3 00:08:54 UTC 2017 

The branch master has been updated
       via  3f4af53c22ba02cb197a79cd791637ef1b9c3520 (commit)
       via  5b277519236c17a9968623b1f038fe6b34e89899 (commit)
       via  f55129c73920a060e813c883d864222482e067c8 (commit)
       via  a24a5b8cc4103ddd69f21c91c7d7372abc270157 (commit)
       via  e65f650922f5aa9b8970a5ff935938ec46281c1a (commit)
      from  d9ca12cbf6287aee7d86579f4c03be1155696c9f (commit)


- Log -----------------------------------------------------------------
commit 3f4af53c22ba02cb197a79cd791637ef1b9c3520
Author: Johannes Bauer <joe at johannes-bauer.com>
Date:   Tue Aug 1 19:48:25 2017 +0200

    Fix indentation
    
    Conform to coding guidelines.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Stephen Henson <steve at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3989)

commit 5b277519236c17a9968623b1f038fe6b34e89899
Author: Johannes Bauer <joe at johannes-bauer.com>
Date:   Tue Aug 1 18:32:45 2017 +0200

    Added differentiation between missing secret and missing seed
    
    This was previously mistakenly handled as a single error code.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Stephen Henson <steve at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3989)

commit f55129c73920a060e813c883d864222482e067c8
Author: Johannes Bauer <joe at johannes-bauer.com>
Date:   Wed Jul 26 21:49:36 2017 +0200

    Changed use of EVP_PKEY_CTX_md() and more specific error codes
    
    Changed HKDF to use EVP_PKEY_CTX_md() (review comment of @snhenson) and
    introduced more specific error codes (not only indicating *that* some
    parameter is missing, but actually *which* one it is).
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Stephen Henson <steve at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3989)

commit a24a5b8cc4103ddd69f21c91c7d7372abc270157
Author: Johannes Bauer <joe at johannes-bauer.com>
Date:   Sat Jul 22 17:43:05 2017 +0200

    More error handling to HKDF and one more case in TLS1-PRF
    
    HKDF now handles an invalid digest like TLS1-PRF does (i.e., returns
    KDF_R_INVALID_DIGEST if the passed digest is not known). Both KDFs now
    set the error code KDF_R_UNKNOWN_PARAMETER_TYPE if a type was passed
    that is not recognized. This will have the effect of improving debugging
    output in case a user uses "openssl pkeyutl -kdf ..." in a wrong way and
    result in an actual error code (instead of just "failure" and an empty
    error stack).
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Stephen Henson <steve at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3989)

commit e65f650922f5aa9b8970a5ff935938ec46281c1a
Author: Johannes Bauer <joe at johannes-bauer.com>
Date:   Sat Jul 22 00:11:39 2017 +0200

    Set error when HKDF used without parameters
    
    Introduce KDF_F_PKEY_HKDF_DERIVE and return the KDF_R_MISSING_PARAMETER
    error code when required parameters have not been set. This will make
    "openssl pkeyutl -kdf HKDF" return a meaningful error message instead of
    simply "Public Key operation error".
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Stephen Henson <steve at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3989)

-----------------------------------------------------------------------

Summary of changes:
 crypto/err/openssl.txt   |  7 +++++++
 crypto/kdf/hkdf.c        | 12 ++++++++++--
 crypto/kdf/kdf_err.c     |  9 +++++++++
 crypto/kdf/tls1_prf.c    | 14 ++++++++++++--
 include/openssl/kdferr.h |  7 +++++++
 5 files changed, 45 insertions(+), 4 deletions(-)

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index d8fcb9a..58eb321 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -700,6 +700,8 @@ EVP_F_PKEY_SET_TYPE:158:pkey_set_type
 EVP_F_RC2_MAGIC_TO_METH:109:rc2_magic_to_meth
 EVP_F_RC5_CTRL:125:rc5_ctrl
 EVP_F_UPDATE:173:update
+KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str
+KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive
 KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str
 KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive
 OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object
@@ -1963,7 +1965,12 @@ EVP_R_UNSUPPORTED_SALT_TYPE:126:unsupported salt type
 EVP_R_WRAP_MODE_NOT_ALLOWED:170:wrap mode not allowed
 EVP_R_WRONG_FINAL_BLOCK_LENGTH:109:wrong final block length
 KDF_R_INVALID_DIGEST:100:invalid digest
+KDF_R_MISSING_KEY:104:missing key
+KDF_R_MISSING_MESSAGE_DIGEST:105:missing message digest
 KDF_R_MISSING_PARAMETER:101:missing parameter
+KDF_R_MISSING_SECRET:107:missing secret
+KDF_R_MISSING_SEED:106:missing seed
+KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type
 KDF_R_VALUE_MISSING:102:value missing
 OBJ_R_OID_EXISTS:102:oid exists
 OBJ_R_UNKNOWN_NID:101:unknown nid
diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c
index 8b6eeb3..63c3523 100644
--- a/crypto/kdf/hkdf.c
+++ b/crypto/kdf/hkdf.c
@@ -149,7 +149,8 @@ static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
     }
 
     if (strcmp(type, "md") == 0)
-        return EVP_PKEY_CTX_set_hkdf_md(ctx, EVP_get_digestbyname(value));
+        return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_DERIVE,
+                               EVP_PKEY_CTRL_HKDF_MD, value);
 
     if (strcmp(type, "salt") == 0)
         return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value);
@@ -169,6 +170,7 @@ static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
     if (strcmp(type, "hexinfo") == 0)
         return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value);
 
+    KDFerr(KDF_F_PKEY_HKDF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE);
     return -2;
 }
 
@@ -177,8 +179,14 @@ static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
 {
     HKDF_PKEY_CTX *kctx = ctx->data;
 
-    if (kctx->md == NULL || kctx->key == NULL)
+    if (kctx->md == NULL) {
+        KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST);
         return 0;
+    }
+    if (kctx->key == NULL) {
+        KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_KEY);
+        return 0;
+    }
 
     switch (kctx->mode) {
     case EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND:
diff --git a/crypto/kdf/kdf_err.c b/crypto/kdf/kdf_err.c
index 5706d2d..8d27272 100644
--- a/crypto/kdf/kdf_err.c
+++ b/crypto/kdf/kdf_err.c
@@ -14,6 +14,8 @@
 #ifndef OPENSSL_NO_ERR
 
 static const ERR_STRING_DATA KDF_str_functs[] = {
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_CTRL_STR, 0), "pkey_hkdf_ctrl_str"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_DERIVE, 0), "pkey_hkdf_derive"},
     {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_CTRL_STR, 0),
      "pkey_tls1_prf_ctrl_str"},
     {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_DERIVE, 0),
@@ -23,7 +25,14 @@ static const ERR_STRING_DATA KDF_str_functs[] = {
 
 static const ERR_STRING_DATA KDF_str_reasons[] = {
     {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_KEY), "missing key"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_MESSAGE_DIGEST),
+    "missing message digest"},
     {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_PARAMETER), "missing parameter"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SECRET), "missing secret"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SEED), "missing seed"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_UNKNOWN_PARAMETER_TYPE),
+    "unknown parameter type"},
     {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_MISSING), "value missing"},
     {0, NULL}
 };
diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c
index fa13732..063ea03 100644
--- a/crypto/kdf/tls1_prf.c
+++ b/crypto/kdf/tls1_prf.c
@@ -115,6 +115,8 @@ static int pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx,
         return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
     if (strcmp(type, "hexseed") == 0)
         return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
+
+    KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE);
     return -2;
 }
 
@@ -122,8 +124,16 @@ static int pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
                                 size_t *keylen)
 {
     TLS1_PRF_PKEY_CTX *kctx = ctx->data;
-    if (kctx->md == NULL || kctx->sec == NULL || kctx->seedlen == 0) {
-        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_PARAMETER);
+    if (kctx->md == NULL) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST);
+        return 0;
+    }
+    if (kctx->sec == NULL) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SECRET);
+        return 0;
+    }
+    if (kctx->seedlen == 0) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SEED);
         return 0;
     }
     return tls1_prf_alg(kctx->md, kctx->sec, kctx->seclen,
diff --git a/include/openssl/kdferr.h b/include/openssl/kdferr.h
index f101cbf..c01b735 100644
--- a/include/openssl/kdferr.h
+++ b/include/openssl/kdferr.h
@@ -22,6 +22,8 @@ int ERR_load_KDF_strings(void);
 /*
  * KDF function codes.
  */
+# define KDF_F_PKEY_HKDF_CTRL_STR                         103
+# define KDF_F_PKEY_HKDF_DERIVE                           102
 # define KDF_F_PKEY_TLS1_PRF_CTRL_STR                     100
 # define KDF_F_PKEY_TLS1_PRF_DERIVE                       101
 
@@ -29,7 +31,12 @@ int ERR_load_KDF_strings(void);
  * KDF reason codes.
  */
 # define KDF_R_INVALID_DIGEST                             100
+# define KDF_R_MISSING_KEY                                104
+# define KDF_R_MISSING_MESSAGE_DIGEST                     105
 # define KDF_R_MISSING_PARAMETER                          101
+# define KDF_R_MISSING_SECRET                             107
+# define KDF_R_MISSING_SEED                               106
+# define KDF_R_UNKNOWN_PARAMETER_TYPE                     103
 # define KDF_R_VALUE_MISSING                              102
 
 #endif

More information about the openssl-commits mailing list