[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Wed Jul 26 19:16:10 UTC 2017
The branch master has been updated
via 00606b06d5209368d1bd2fcab70bf6d9e2fe875f (commit)
via 75f163d33575bac299258cea58e1da80fba01769 (commit)
via 7eb370ee15715c8fc84582d08d1b1be539d948f6 (commit)
via e15c95ce8596bcc2a5f5e163ff78ccf469dbf994 (commit)
via 11a25d34549461ad6ddd61322ed3b54dd4c69686 (commit)
via dc46fc25d7e4388f1a6f972bfdf4e24c2b81a0f7 (commit)
via dae2218d762bc83a92189189b83966af5932d92d (commit)
from 7b608d0828c6df0b3bcd49224cdf6ccf4ab4af90 (commit)
- Log -----------------------------------------------------------------
commit 00606b06d5209368d1bd2fcab70bf6d9e2fe875f
Author: Hubert Kario <hkario at redhat.com>
Date: Wed Jul 26 14:26:16 2017 +0200
add basic references to the new methods in documentation
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1334)
commit 75f163d33575bac299258cea58e1da80fba01769
Author: Hubert Kario <hkario at redhat.com>
Date: Wed Jul 26 16:27:06 2017 +0200
handle scrypt PBKDF in PKCS#12 files info
Print the parameters for scrypt PBKDF when used in PKCS#12 files.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1334)
commit 7eb370ee15715c8fc84582d08d1b1be539d948f6
Author: Hubert Kario <hkario at redhat.com>
Date: Wed Jul 26 13:23:17 2017 +0200
nicer formatting for MAC info
The info printing for PBES2 already uses space after type and commas to
separate items in the line so use the same format for MAC info too.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1334)
commit e15c95ce8596bcc2a5f5e163ff78ccf469dbf994
Author: Hubert Kario <hkario at redhat.com>
Date: Wed Jul 26 15:05:59 2017 +0200
make scrypt ASN.1 parameter functions public
Since scrypt PBKDF can be used both in PKCS#5 and PKCS#12 files,
do share the code between them.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1334)
commit 11a25d34549461ad6ddd61322ed3b54dd4c69686
Author: Hubert Kario <hkario at redhat.com>
Date: Wed Jul 26 16:25:51 2017 +0200
more info about PKCS#12 structure MAC
report additional information about the MAC used over the
PKCS#12 structure: size of mac and salt as well as the
hash algorithm used for creating it
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1334)
commit dc46fc25d7e4388f1a6f972bfdf4e24c2b81a0f7
Author: Hubert Kario <hkario at redhat.com>
Date: Wed Jul 20 14:10:29 2016 +0200
pkcs12.c better formatting for unsupported params
since when we get to this point, other information was already
printed, we should insert some whitespace between already
printed data and this "unsupported parameters" error message
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1334)
commit dae2218d762bc83a92189189b83966af5932d92d
Author: Hubert Kario <hkario at redhat.com>
Date: Wed Jul 26 14:58:58 2017 +0200
fix OSSL_STORE man pages
the man pages have lines that contain nothing but whitespace,
clean it up by removing that whitespace
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1334)
-----------------------------------------------------------------------
Summary of changes:
apps/pkcs12.c | 38 +++++++++++++++++++++++++++++++-------
crypto/asn1/asn1_item_list.h | 3 +++
crypto/asn1/p5_scrypt.c | 13 ++-----------
doc/man3/OSSL_STORE_INFO.pod | 2 +-
doc/man3/OSSL_STORE_LOADER.pod | 2 +-
doc/man3/OSSL_STORE_open.pod | 2 +-
doc/man3/X509_dup.pod | 2 ++
doc/man3/d2i_X509.pod | 2 ++
include/openssl/x509.h | 13 +++++++++++++
util/libcrypto.num | 6 ++++++
10 files changed, 62 insertions(+), 21 deletions(-)
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 28ae2d5..e8c1c87 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -523,12 +523,20 @@ int pkcs12_main(int argc, char **argv)
const ASN1_INTEGER *tmaciter;
const X509_ALGOR *macalgid;
const ASN1_OBJECT *macobj;
- PKCS12_get0_mac(NULL, &macalgid, NULL, &tmaciter, p12);
+ const ASN1_OCTET_STRING *tmac;
+ const ASN1_OCTET_STRING *tsalt;
+
+ PKCS12_get0_mac(&tmac, &macalgid, &tsalt, &tmaciter, p12);
+ /* current hash algorithms do not use parameters so extract just name,
+ in future alg_print() may be needed */
X509_ALGOR_get0(&macobj, NULL, NULL, macalgid);
- BIO_puts(bio_err, "MAC:");
+ BIO_puts(bio_err, "MAC: ");
i2a_ASN1_OBJECT(bio_err, macobj);
- BIO_printf(bio_err, " Iteration %ld\n",
- tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
+ BIO_printf(bio_err, ", Iteration %ld\n",
+ tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
+ BIO_printf(bio_err, "MAC length: %ld, salt length: %ld\n",
+ tmac != NULL ? ASN1_STRING_length(tmac) : 0L,
+ tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L);
}
if (macver) {
/* If we enter empty password try no password first */
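Review bot: The new `MAC length`/`salt length` line prints the `int` result of `ASN1_STRING_length()` through `%ld`, which is only correct because the `0L` arm of each ternary promotes the expression to `long`. The scrypt branch added to alg_print() in this same patch prints the same kind of value with `%d`, so the two outputs are formatted inconsistently. I would use `"MAC length: %d, salt length: %d\n"` with `tmac != NULL ? ASN1_STRING_length(tmac) : 0` and the same for `tsalt`. The two-line comment above `X509_ALGOR_get0()` would also read better in the usual block form, with each continuation line starting with ` * `. pkcs12_main() starts and ends outside the hunk.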
@@ -782,7 +790,7 @@ static int alg_print(const X509_ALGOR *alg)
if (aparamtype == V_ASN1_SEQUENCE)
pbe2 = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBE2PARAM));
if (pbe2 == NULL) {
- BIO_puts(bio_err, "<unsupported parameters>");
+ BIO_puts(bio_err, ", <unsupported parameters>");
goto done;
}
X509_ALGOR_get0(&aoid, &aparamtype, &aparam, pbe2->keyfunc);
@@ -798,7 +806,7 @@ static int alg_print(const X509_ALGOR *alg)
if (aparamtype == V_ASN1_SEQUENCE)
kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBKDF2PARAM));
if (kdf == NULL) {
- BIO_puts(bio_err, "<unsupported parameters>");
+ BIO_puts(bio_err, ", <unsupported parameters>");
goto done;
}
@@ -811,13 +819,29 @@ static int alg_print(const X509_ALGOR *alg)
BIO_printf(bio_err, ", Iteration %ld, PRF %s",
ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid));
PBKDF2PARAM_free(kdf);
+ } else if (pbenid == NID_id_scrypt) {
+ SCRYPT_PARAMS *kdf = NULL;
+
+ if (aparamtype == V_ASN1_SEQUENCE)
+ kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(SCRYPT_PARAMS));
+ if (kdf == NULL) {
+ BIO_puts(bio_err, ", <unsupported parameters>");
+ goto done;
+ }
+ BIO_printf(bio_err, ", Salt length: %d, Cost(N): %ld, "
+ "Block size(r): %ld, Paralelizm(p): %ld",
+ ASN1_STRING_length(kdf->salt),
+ ASN1_INTEGER_get(kdf->costParameter),
+ ASN1_INTEGER_get(kdf->blockSize),
+ ASN1_INTEGER_get(kdf->parallelizationParameter));
+ SCRYPT_PARAMS_free(kdf);
}
PBE2PARAM_free(pbe2);
} else {
if (aparamtype == V_ASN1_SEQUENCE)
pbe = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBEPARAM));
if (pbe == NULL) {
- BIO_puts(bio_err, "<unsupported parameters>");
+ BIO_puts(bio_err, ", <unsupported parameters>");
goto done;
}
BIO_printf(bio_err, ", Iteration %ld", ASN1_INTEGER_get(pbe->iter));
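Review bot: The new `else if (pbenid == NID_id_scrypt)` branch uses `SCRYPT_PARAMS` and `SCRYPT_PARAMS_free()` unconditionally, while this same patch declares them in x509.h only under `#ifndef OPENSSL_NO_SCRYPT`. Unless a guard exists outside the hunk, a build configured without scrypt would presumably fail to compile here, so the branch should be wrapped in `#ifndef OPENSSL_NO_SCRYPT` / `#endif`. The label `Paralelizm(p)` is misspelled and should read `"Block size(r): %ld, Parallelism(p): %ld",`. `ASN1_INTEGER_get()` returns -1 for a value that does not fit in a `long`, so an out-of-range N, r or p in a file is shown as -1 rather than flagged, which matters when this output is used to judge how strongly a file is protected. alg_print() starts and ends outside the hunk.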
diff --git a/crypto/asn1/asn1_item_list.h b/crypto/asn1/asn1_item_list.h
index 27608b7..db8107e 100644
--- a/crypto/asn1/asn1_item_list.h
+++ b/crypto/asn1/asn1_item_list.h
@@ -140,6 +140,9 @@ static ASN1_ITEM_EXP *asn1_item_list[] = {
ASN1_ITEM_ref(RSA_OAEP_PARAMS),
ASN1_ITEM_ref(RSA_PSS_PARAMS),
#endif
+#ifndef OPENSSL_NO_SCRYPT
+ ASN1_ITEM_ref(SCRYPT_PARAMS),
+#endif
ASN1_ITEM_ref(SXNETID),
ASN1_ITEM_ref(SXNET),
ASN1_ITEM_ref(USERNOTICE),
diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c
index 4cb7837..c556d01 100644
--- a/crypto/asn1/p5_scrypt.c
+++ b/crypto/asn1/p5_scrypt.c
@@ -18,24 +18,15 @@
#ifndef OPENSSL_NO_SCRYPT
/* PKCS#5 scrypt password based encryption structures */
-typedef struct {
- ASN1_OCTET_STRING *salt;
- ASN1_INTEGER *costParameter;
- ASN1_INTEGER *blockSize;
- ASN1_INTEGER *parallelizationParameter;
- ASN1_INTEGER *keyLength;
-} SCRYPT_PARAMS;
-
ASN1_SEQUENCE(SCRYPT_PARAMS) = {
ASN1_SIMPLE(SCRYPT_PARAMS, salt, ASN1_OCTET_STRING),
ASN1_SIMPLE(SCRYPT_PARAMS, costParameter, ASN1_INTEGER),
ASN1_SIMPLE(SCRYPT_PARAMS, blockSize, ASN1_INTEGER),
ASN1_SIMPLE(SCRYPT_PARAMS, parallelizationParameter, ASN1_INTEGER),
ASN1_OPT(SCRYPT_PARAMS, keyLength, ASN1_INTEGER),
-} static_ASN1_SEQUENCE_END(SCRYPT_PARAMS)
+} ASN1_SEQUENCE_END(SCRYPT_PARAMS)
-DECLARE_ASN1_ALLOC_FUNCTIONS(SCRYPT_PARAMS)
-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(SCRYPT_PARAMS)
+IMPLEMENT_ASN1_FUNCTIONS(SCRYPT_PARAMS)
static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen,
size_t keylen, uint64_t N, uint64_t r,
diff --git a/doc/man3/OSSL_STORE_INFO.pod b/doc/man3/OSSL_STORE_INFO.pod
index 22ab666..1b0f233 100644
--- a/doc/man3/OSSL_STORE_INFO.pod
+++ b/doc/man3/OSSL_STORE_INFO.pod
@@ -16,7 +16,7 @@ OSSL_STORE_INFO_new_CRL - Functions to manipulate OSSL_STORE_INFO objects
=head1 SYNOPSIS
#include <openssl/store.h>
-
+
typedef struct ossl_store_info_st OSSL_STORE_INFO;
int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *store_info);
diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod
index 4386c28..6a6d3b6 100644
--- a/doc/man3/OSSL_STORE_LOADER.pod
+++ b/doc/man3/OSSL_STORE_LOADER.pod
@@ -52,7 +52,7 @@ unregister STORE loaders for different URI schemes
int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *store_loader,
OSSL_STORE_close_fn store_close_function);
void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *store_loader);
-
+
int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme);
diff --git a/doc/man3/OSSL_STORE_open.pod b/doc/man3/OSSL_STORE_open.pod
index 14ce9d2..1a2626c 100644
--- a/doc/man3/OSSL_STORE_open.pod
+++ b/doc/man3/OSSL_STORE_open.pod
@@ -9,7 +9,7 @@ OSSL_STORE_close - Types and functions to read objects from a URI
=head1 SYNOPSIS
#include <openssl/store.h>
-
+
typedef struct ossl_store_ctx_st OSSL_STORE_CTX;
typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *,
diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod
index 8226983..f1b2761 100644
--- a/doc/man3/X509_dup.pod
+++ b/doc/man3/X509_dup.pod
@@ -170,6 +170,8 @@ RSA_OAEP_PARAMS_free,
RSA_OAEP_PARAMS_new,
RSA_PSS_PARAMS_free,
RSA_PSS_PARAMS_new,
+SCRYPT_PARAMS_free,
+SCRYPT_PARAMS_new,
SXNETID_free,
SXNETID_new,
SXNET_free,
diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod
index c4d89a8..f501948 100644
--- a/doc/man3/d2i_X509.pod
+++ b/doc/man3/d2i_X509.pod
@@ -133,6 +133,7 @@ d2i_RSA_PSS_PARAMS,
d2i_RSA_PUBKEY,
d2i_RSA_PUBKEY_bio,
d2i_RSA_PUBKEY_fp,
+d2i_SCRYPT_PARAMS,
d2i_SCT_LIST,
d2i_SXNET,
d2i_SXNETID,
@@ -307,6 +308,7 @@ i2d_RSA_PSS_PARAMS,
i2d_RSA_PUBKEY,
i2d_RSA_PUBKEY_bio,
i2d_RSA_PUBKEY_fp,
+i2d_SCRYPT_PARAMS,
i2d_SCT_LIST,
i2d_SXNET,
i2d_SXNETID,
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 286c399..e4e4639 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -305,6 +305,16 @@ typedef struct PBKDF2PARAM_st {
X509_ALGOR *prf;
} PBKDF2PARAM;
+#ifndef OPENSSL_NO_SCRYPT
+typedef struct SCRYPT_PARAMS_st {
+ ASN1_OCTET_STRING *salt;
+ ASN1_INTEGER *costParameter;
+ ASN1_INTEGER *blockSize;
+ ASN1_INTEGER *parallelizationParameter;
+ ASN1_INTEGER *keyLength;
+} SCRYPT_PARAMS;
+#endif
+
#ifdef __cplusplus
}
#endif
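Review bot: `SCRYPT_PARAMS` becomes part of the public header here without any comment on its fields. `keyLength` is declared with `ASN1_OPT` in p5_scrypt.c, so it can be NULL after decoding, and as far as the template shows the other fields hold whatever integers the encoded input carried. I would add above the typedef a comment such as `/* PKCS#5 scrypt parameters; keyLength is OPTIONAL and may be NULL, and callers must range-check all values taken from decoded input */`.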
@@ -971,6 +981,9 @@ X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name);
DECLARE_ASN1_FUNCTIONS(PBEPARAM)
DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
+#ifndef OPENSSL_NO_SCRYPT
+DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS)
+#endif
int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
const unsigned char *salt, int saltlen);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index c103d12..1c754b4 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4364,3 +4364,9 @@ EVP_sha3_384 4306 1_1_1 EXIST::FUNCTION:
EVP_sha3_512 4307 1_1_1 EXIST::FUNCTION:
EVP_shake128 4308 1_1_1 EXIST::FUNCTION:
EVP_shake256 4309 1_1_1 EXIST::FUNCTION:
+SCRYPT_PARAMS_new 4310 1_1_1 EXIST::FUNCTION:SCRYPT
+SCRYPT_PARAMS_free 4311 1_1_1 EXIST::FUNCTION:SCRYPT
+i2d_SCRYPT_PARAMS 4312 1_1_1 EXIST::FUNCTION:SCRYPT
+d2i_SCRYPT_PARAMS 4313 1_1_1 EXIST::FUNCTION:SCRYPT
+SCRYPT_PARAMS_it 4314 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:SCRYPT
+SCRYPT_PARAMS_it 4314 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:SCRYPT