[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Tue Oct 30 04:35:11 UTC 2018
The branch master has been updated
via 56adb7d93721a72bfae532845cbebc4a565ceb65 (commit)
via b8d77c9bd675b4128aeeafb4a738938460477a2e (commit)
via e74a435f58441c6f1f6b4558c762e17d0ab67b7f (commit)
via f71faf2753cc1b1cbba0da0997b70e5a908ac24b (commit)
from cf4eea12046445fc418507d2d5e14956b4353495 (commit)
- Log -----------------------------------------------------------------
commit 56adb7d93721a72bfae532845cbebc4a565ceb65
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Oct 24 22:47:28 2018 +0200
Make sure at least one CMAC test still uses the EVP_PKEY method
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7484)
commit b8d77c9bd675b4128aeeafb4a738938460477a2e
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Oct 24 21:40:00 2018 +0200
Adapt other EVP code to use EVP_MAC instead of direct implementation calls
The EVP_PKEY methods for CMAC and HMAC needed a rework, although it
wasn't much change apart from name changes.
This also meant that EVP_PKEY_new_CMAC_key() needed an adjustment.
(the possibility to rewrite this function to work with any MAC is yet
to be explored)
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7484)
commit e74a435f58441c6f1f6b4558c762e17d0ab67b7f
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Oct 24 21:35:00 2018 +0200
EVP_MAC: Integrate CMAC EVP_PKEY_METHOD into generic MAC EVP_PKEY_METHOD
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7484)
commit f71faf2753cc1b1cbba0da0997b70e5a908ac24b
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Oct 24 21:30:00 2018 +0200
EVP_MAC: Add CMAC implementation
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7484)
-----------------------------------------------------------------------
Summary of changes:
crypto/cmac/build.info | 2 +-
crypto/cmac/cm_ameth.c | 7 +-
crypto/cmac/cm_meth.c | 164 +++++++++++++++++++++++++++++++
crypto/cmac/cm_pmeth.c | 161 ------------------------------
crypto/evp/c_allm.c | 3 +
crypto/evp/p_lib.c | 8 +-
crypto/evp/pkey_mac.c | 11 +--
crypto/include/internal/evp_int.h | 2 +
doc/man3/EVP_MAC.pod | 8 --
doc/man7/EVP_MAC_CMAC.pod | 65 ++++++++++++
include/openssl/evp.h | 2 +
test/recipes/30-test_evp_data/evpmac.txt | 2 +-
12 files changed, 248 insertions(+), 187 deletions(-)
create mode 100644 crypto/cmac/cm_meth.c
delete mode 100644 crypto/cmac/cm_pmeth.c
create mode 100644 doc/man7/EVP_MAC_CMAC.pod
diff --git a/crypto/cmac/build.info b/crypto/cmac/build.info
index c8a4949..c460598 100644
--- a/crypto/cmac/build.info
+++ b/crypto/cmac/build.info
@@ -1,2 +1,2 @@
LIBS=../../libcrypto
-SOURCE[../../libcrypto]=cmac.c cm_ameth.c cm_pmeth.c
+SOURCE[../../libcrypto]=cmac.c cm_ameth.c cm_meth.c
diff --git a/crypto/cmac/cm_ameth.c b/crypto/cmac/cm_ameth.c
index a58454a..7126584 100644
--- a/crypto/cmac/cm_ameth.c
+++ b/crypto/cmac/cm_ameth.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -10,7 +10,6 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
-#include <openssl/cmac.h>
#include "internal/asn1_int.h"
/*
@@ -25,8 +24,8 @@ static int cmac_size(const EVP_PKEY *pkey)
static void cmac_key_free(EVP_PKEY *pkey)
{
- CMAC_CTX *cmctx = EVP_PKEY_get0(pkey);
- CMAC_CTX_free(cmctx);
+ EVP_MAC_CTX *cmctx = EVP_PKEY_get0(pkey);
+ EVP_MAC_CTX_free(cmctx);
}
const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = {
diff --git a/crypto/cmac/cm_meth.c b/crypto/cmac/cm_meth.c
new file mode 100644
index 0000000..7089936
--- /dev/null
+++ b/crypto/cmac/cm_meth.c
@@ -0,0 +1,164 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/evp.h>
+#include <openssl/cmac.h>
+#include "internal/evp_int.h"
+
+/* local CMAC pkey structure */
+
+/* typedef EVP_MAC_IMPL */
+struct evp_mac_impl_st {
+ /* tmpcipher and tmpengine are set to NULL after a CMAC_Init call */
+ const EVP_CIPHER *tmpcipher; /* cached CMAC cipher */
+ const ENGINE *tmpengine; /* cached CMAC cipher engine */
+ CMAC_CTX *ctx;
+};
+
+static EVP_MAC_IMPL *cmac_new(void)
+{
+ EVP_MAC_IMPL *cctx;
+
+ if ((cctx = OPENSSL_zalloc(sizeof(*cctx))) == NULL
+ || (cctx->ctx = CMAC_CTX_new()) == NULL) {
+ OPENSSL_free(cctx);
+ cctx = NULL;
+ }
+
+ return cctx;
+}
+
+static void cmac_free(EVP_MAC_IMPL *cctx)
+{
+ if (cctx != NULL) {
+ CMAC_CTX_free(cctx->ctx);
+ OPENSSL_free(cctx);
+ }
+}
+
+static int cmac_copy(EVP_MAC_IMPL *cdst, EVP_MAC_IMPL *csrc)
+{
+ if (!CMAC_CTX_copy(cdst->ctx, csrc->ctx))
+ return 0;
+
+ cdst->tmpengine = csrc->tmpengine;
+ cdst->tmpcipher = csrc->tmpcipher;
+ return 1;
+}
+
+static size_t cmac_size(EVP_MAC_IMPL *cctx)
+{
+ return EVP_CIPHER_CTX_block_size(CMAC_CTX_get0_cipher_ctx(cctx->ctx));
+}
+
+static int cmac_init(EVP_MAC_IMPL *cctx)
+{
+ int rv = CMAC_Init(cctx->ctx, NULL, 0, cctx->tmpcipher,
+ (ENGINE *)cctx->tmpengine);
+ cctx->tmpcipher = NULL;
+ cctx->tmpengine = NULL;
+
+ return rv;
+}
+
+static int cmac_update(EVP_MAC_IMPL *cctx, const unsigned char *data,
+ size_t datalen)
+{
+ return CMAC_Update(cctx->ctx, data, datalen);
+}
+
+static int cmac_final(EVP_MAC_IMPL *cctx, unsigned char *out)
+{
+ size_t hlen;
+
+ return CMAC_Final(cctx->ctx, out, &hlen);
+}
+
+static int cmac_ctrl(EVP_MAC_IMPL *cctx, int cmd, va_list args)
+{
+ switch (cmd) {
+ case EVP_MAC_CTRL_SET_KEY:
+ {
+ const unsigned char *key = va_arg(args, const unsigned char *);
+ size_t keylen = va_arg(args, size_t);
+ int rv = CMAC_Init(cctx->ctx, key, keylen, cctx->tmpcipher,
+ (ENGINE *)cctx->tmpengine);
+
+ cctx->tmpcipher = NULL;
+ cctx->tmpengine = NULL;
+
+ return rv;
+ }
+ break;
+ case EVP_MAC_CTRL_SET_CIPHER:
+ cctx->tmpcipher = va_arg(args, const EVP_CIPHER *);
+ break;
+ case EVP_MAC_CTRL_SET_ENGINE:
+ cctx->tmpengine = va_arg(args, const ENGINE *);
+ break;
+ default:
+ return -2;
+ }
+ return 1;
+}
+
+static int cmac_ctrl_int(EVP_MAC_IMPL *hctx, int cmd, ...)
+{
+ int rv;
+ va_list args;
+
+ va_start(args, cmd);
+ rv = cmac_ctrl(hctx, cmd, args);
+ va_end(args);
+
+ return rv;
+}
+
+static int cmac_ctrl_str_cb(void *hctx, int cmd, void *buf, size_t buflen)
+{
+ return cmac_ctrl_int(hctx, cmd, buf, buflen);
+}
+
+static int cmac_ctrl_str(EVP_MAC_IMPL *cctx, const char *type,
+ const char *value)
+{
+ if (!value)
+ return 0;
+ if (strcmp(type, "cipher") == 0) {
+ const EVP_CIPHER *c = EVP_get_cipherbyname(value);
+
+ if (c == NULL)
+ return 0;
+ return cmac_ctrl_int(cctx, EVP_MAC_CTRL_SET_CIPHER, c);
+ }
+ if (strcmp(type, "key") == 0)
+ return EVP_str2ctrl(cmac_ctrl_str_cb, cctx, EVP_MAC_CTRL_SET_KEY,
+ value);
+ if (strcmp(type, "hexkey") == 0)
+ return EVP_hex2ctrl(cmac_ctrl_str_cb, cctx, EVP_MAC_CTRL_SET_KEY,
+ value);
+ return -2;
+}
+
+const EVP_MAC cmac_meth = {
+ EVP_MAC_CMAC,
+ cmac_new,
+ cmac_copy,
+ cmac_free,
+ cmac_size,
+ cmac_init,
+ cmac_update,
+ cmac_final,
+ cmac_ctrl,
+ cmac_ctrl_str
+};
diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c
deleted file mode 100644
index 10748f1..0000000
--- a/crypto/cmac/cm_pmeth.c
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <stdio.h>
-#include "internal/cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/evp.h>
-#include <openssl/cmac.h>
-#include "internal/evp_int.h"
-
-/* The context structure and "key" is simply a CMAC_CTX */
-
-static int pkey_cmac_init(EVP_PKEY_CTX *ctx)
-{
- ctx->data = CMAC_CTX_new();
- if (ctx->data == NULL)
- return 0;
- ctx->keygen_info_count = 0;
- return 1;
-}
-
-static int pkey_cmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
-{
- if (!pkey_cmac_init(dst))
- return 0;
- if (!CMAC_CTX_copy(dst->data, src->data))
- return 0;
- return 1;
-}
-
-static void pkey_cmac_cleanup(EVP_PKEY_CTX *ctx)
-{
- CMAC_CTX_free(ctx->data);
-}
-
-static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-{
- CMAC_CTX *cmkey = CMAC_CTX_new();
- CMAC_CTX *cmctx = ctx->data;
- if (cmkey == NULL)
- return 0;
- if (!CMAC_CTX_copy(cmkey, cmctx)) {
- CMAC_CTX_free(cmkey);
- return 0;
- }
- EVP_PKEY_assign(pkey, EVP_PKEY_CMAC, cmkey);
-
- return 1;
-}
-
-static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
- if (!CMAC_Update(EVP_MD_CTX_pkey_ctx(ctx)->data, data, count))
- return 0;
- return 1;
-}
-
-static int cmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
-{
- EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
- EVP_MD_CTX_set_update_fn(mctx, int_update);
- return 1;
-}
-
-static int cmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
- EVP_MD_CTX *mctx)
-{
- return CMAC_Final(ctx->data, sig, siglen);
-}
-
-static int pkey_cmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
-{
- CMAC_CTX *cmctx = ctx->data;
- switch (type) {
-
- case EVP_PKEY_CTRL_SET_MAC_KEY:
- if (!p2 || p1 < 0)
- return 0;
- if (!CMAC_Init(cmctx, p2, p1, NULL, NULL))
- return 0;
- break;
-
- case EVP_PKEY_CTRL_CIPHER:
- if (!CMAC_Init(cmctx, NULL, 0, p2, ctx->engine))
- return 0;
- break;
-
- case EVP_PKEY_CTRL_MD:
- if (ctx->pkey && !CMAC_CTX_copy(ctx->data,
- (CMAC_CTX *)ctx->pkey->pkey.ptr))
- return 0;
- if (!CMAC_Init(cmctx, NULL, 0, NULL, NULL))
- return 0;
- break;
-
- default:
- return -2;
-
- }
- return 1;
-}
-
-static int pkey_cmac_ctrl_str(EVP_PKEY_CTX *ctx,
- const char *type, const char *value)
-{
- if (!value) {
- return 0;
- }
- if (strcmp(type, "cipher") == 0) {
- const EVP_CIPHER *c;
- c = EVP_get_cipherbyname(value);
- if (!c)
- return 0;
- return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_CIPHER, -1, (void *)c);
- }
- if (strcmp(type, "key") == 0)
- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
- if (strcmp(type, "hexkey") == 0)
- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
- return -2;
-}
-
-const EVP_PKEY_METHOD cmac_pkey_meth = {
- EVP_PKEY_CMAC,
- EVP_PKEY_FLAG_SIGCTX_CUSTOM,
- pkey_cmac_init,
- pkey_cmac_copy,
- pkey_cmac_cleanup,
-
- 0, 0,
-
- 0,
- pkey_cmac_keygen,
-
- 0, 0,
-
- 0, 0,
-
- 0, 0,
-
- cmac_signctx_init,
- cmac_signctx,
-
- 0, 0,
-
- 0, 0,
-
- 0, 0,
-
- 0, 0,
-
- pkey_cmac_ctrl,
- pkey_cmac_ctrl_str
-};
diff --git a/crypto/evp/c_allm.c b/crypto/evp/c_allm.c
index d5eb858..862b639 100644
--- a/crypto/evp/c_allm.c
+++ b/crypto/evp/c_allm.c
@@ -12,4 +12,7 @@
void openssl_add_all_macs_int(void)
{
+#ifndef OPENSSL_NO_CMAC
+ EVP_add_mac(&cmac_meth);
+#endif
}
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 9429be9..154ef78 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -319,7 +319,7 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
{
#ifndef OPENSSL_NO_CMAC
EVP_PKEY *ret = EVP_PKEY_new();
- CMAC_CTX *cmctx = CMAC_CTX_new();
+ EVP_MAC_CTX *cmctx = EVP_MAC_CTX_new_id(EVP_MAC_CMAC);
if (ret == NULL
|| cmctx == NULL
@@ -328,7 +328,9 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
goto err;
}
- if (!CMAC_Init(cmctx, priv, len, cipher, e)) {
+ if (EVP_MAC_ctrl(cmctx, EVP_MAC_CTRL_SET_ENGINE, e) <= 0
+ || EVP_MAC_ctrl(cmctx, EVP_MAC_CTRL_SET_CIPHER, cipher) <= 0
+ || EVP_MAC_ctrl(cmctx, EVP_MAC_CTRL_SET_KEY, priv, len) <= 0) {
EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY, EVP_R_KEY_SETUP_FAILED);
goto err;
}
@@ -338,7 +340,7 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
err:
EVP_PKEY_free(ret);
- CMAC_CTX_free(cmctx);
+ EVP_MAC_CTX_free(cmctx);
return NULL;
#else
EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY,
diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c
index d4aa585..ecf70bb 100644
--- a/crypto/evp/pkey_mac.c
+++ b/crypto/evp/pkey_mac.c
@@ -327,15 +327,8 @@ static int pkey_mac_ctrl_str(EVP_PKEY_CTX *ctx,
return EVP_MAC_ctrl_str(hctx->ctx, type, value);
}
-/*
- * When this is actually used, the following will be replaced with real
- * EVP_PKEY_METHODs, all exactly the same apart from the type and possibly
- * the flags.
- */
-
-extern const EVP_PKEY_METHOD FAKE_pkey_meth;
-const EVP_PKEY_METHOD FAKE_pkey_meth = {
- 20870442 /* EVP_PKEY_FAKE, a beast times 31337 (you do the math) */,
+const EVP_PKEY_METHOD cmac_pkey_meth = {
+ EVP_PKEY_CMAC,
EVP_PKEY_FLAG_SIGCTX_CUSTOM,
pkey_mac_init,
pkey_mac_copy,
diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h
index dadade3..8bbc23b 100644
--- a/crypto/include/internal/evp_int.h
+++ b/crypto/include/internal/evp_int.h
@@ -128,6 +128,8 @@ struct evp_mac_st {
int (*ctrl_str) (EVP_MAC_IMPL *macctx, const char *type, const char *value);
};
+extern const EVP_MAC cmac_meth;
+
/*
* This function is internal for now, but can be made external when needed.
* The documentation would read:
diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod
index a30f3fa..2b48940 100644
--- a/doc/man3/EVP_MAC.pod
+++ b/doc/man3/EVP_MAC.pod
@@ -326,16 +326,8 @@ F<./foo>)
=head1 SEE ALSO
-=begin comment
-
-Add links to existing implementations in this form:
-
L<EVP_MAC_CMAC(7)>
-Make sure the documentation exists in doc/man7/
-
-=end comment
-
=head1 COPYRIGHT
Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man7/EVP_MAC_CMAC.pod b/doc/man7/EVP_MAC_CMAC.pod
new file mode 100644
index 0000000..bb37472
--- /dev/null
+++ b/doc/man7/EVP_MAC_CMAC.pod
@@ -0,0 +1,65 @@
+=pod
+
+=head1 NAME
+
+EVP_MAC_CMAC - The CMAC EVP_MAC implementation
+
+=head1 DESCRIPTION
+
+Support for computing CMAC MACs through the B<EVP_MAC> API.
+
+=head2 Numeric identity
+
+B<EVP_MAC_CMAC> is the numeric identity for this implementation, and
+can be used in functions like EVP_MAC_CTX_new_id() and
+EVP_get_macbynid().
+
+=head2 Supported controls
+
+The supported controls are:
+
+=over 4
+
+=item B<EVP_MAC_CTRL_SET_KEY>
+
+EVP_MAC_ctrl_str() takes to type string for this control:
+
+=over 4
+
+=item "key"
+
+The value string is used as is.
+
+=item "hexkey"
+
+The value string is expected to be a hexadecimal number, which will be
+decoded before passing on as control value.
+
+=back
+
+=item B<EVP_MAC_CTRL_SET_ENGINE>
+
+=item B<EVP_MAC_CTRL_SET_CIPHER>
+
+These work as described in L<EVP_MAC(3)/CONTROLS>.
+
+EVP_MAC_ctrl_str() type string for B<EVP_MAC_CTRL_SET_CIPHER>: "cipher"
+
+The value is expected to be the name of a cipher.
+
+=back
+
+=head1 SEE ALSO
+
+L<EVP_MAC_ctrl(3)>, L<EVP_MAC(3)/CONTROLS>
+
+=head1 COPYRIGHT
+
+Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 4b4c956..5e6c039 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -987,6 +987,8 @@ void EVP_MD_do_all_sorted(void (*fn)
/* MAC stuff */
+# define EVP_MAC_CMAC NID_cmac
+
EVP_MAC_CTX *EVP_MAC_CTX_new(const EVP_MAC *mac);
EVP_MAC_CTX *EVP_MAC_CTX_new_id(int nid);
void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx);
diff --git a/test/recipes/30-test_evp_data/evpmac.txt b/test/recipes/30-test_evp_data/evpmac.txt
index 4ec5fa4..2506e7d 100644
--- a/test/recipes/30-test_evp_data/evpmac.txt
+++ b/test/recipes/30-test_evp_data/evpmac.txt
@@ -360,7 +360,7 @@ Key = 77A77FAF290C1FA30C683DF16BA7A77B
Input = 020683E1F0392F4CAC54318B6029259E9C553DBC4B6AD998E64D58E4E7DC2E13
Output = FBFEA41BF9740CB501F1292C21CEBB40
-MAC = CMAC
+MAC = CMAC by EVP_PKEY
Algorithm = AES-192-CBC
Key = 7B32391369AA4CA97558095BE3C3EC862BD057CEF1E32D62
Input =
More information about the openssl-commits
mailing list