[openssl] master update

Richard Levitte levitte at openssl.org
Mon Aug 19 08:57:37 UTC 2019


The branch master has been updated
       via  81ff9eebbcf15ce04b52cc4257b265617ba412eb (commit)
      from  faee6b21048623a422d537cdbad24f50c5c21937 (commit)


- Log -----------------------------------------------------------------
commit 81ff9eebbcf15ce04b52cc4257b265617ba412eb
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Aug 15 12:39:20 2019 +0200

    Use macros internally for algorithm names
    
    The macros are defined in include/openssl/core_names.h and follow the
    naming standard OSSL_{OPNAME}_NAME_{ALGONAME}, where {OPNAME} is the
    name of the operation (such as MAC) and {ALGONAME} is the name of the
    algorithm.  Example: OSSL_MAC_NAME_HMAC
    
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/9635)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/p_lib.c                |  2 +-
 crypto/kdf/sskdf.c                |  8 ++++----
 crypto/kdf/tls1_prf.c             |  2 +-
 crypto/modes/siv128.c             |  3 ++-
 include/openssl/core_names.h      | 10 ++++++++++
 providers/common/macs/kmac_prov.c |  4 ++--
 test/evp_kdf_test.c               |  7 +++++--
 7 files changed, 25 insertions(+), 11 deletions(-)

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 90e13f4854..bc573d0208 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -327,7 +327,7 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
     OPENSSL_CTX *libctx =
         prov == NULL ? NULL : ossl_provider_library_context(prov);
     EVP_PKEY *ret = EVP_PKEY_new();
-    EVP_MAC *cmac = EVP_MAC_fetch(libctx, "CMAC", NULL);
+    EVP_MAC *cmac = EVP_MAC_fetch(libctx, OSSL_MAC_NAME_CMAC, NULL);
     EVP_MAC_CTX *cmctx = cmac != NULL ? EVP_MAC_CTX_new(cmac) : NULL;
     OSSL_PARAM params[4];
     size_t paramsn = 0;
diff --git a/crypto/kdf/sskdf.c b/crypto/kdf/sskdf.c
index 7e5a68be5e..a4a9abff5a 100644
--- a/crypto/kdf/sskdf.c
+++ b/crypto/kdf/sskdf.c
@@ -467,7 +467,7 @@ static int sskdf_derive(EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen)
          * block size?
          */
         macname = EVP_MAC_name(impl->mac);
-        if (strcmp(macname, "HMAC") == 0) {
+        if (strcmp(macname, OSSL_MAC_NAME_HMAC) == 0) {
             /* H(x) = HMAC(x, salt, hash) */
             if (impl->md == NULL) {
                 KDFerr(KDF_F_SSKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST);
@@ -476,12 +476,12 @@ static int sskdf_derive(EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen)
             default_salt_len = EVP_MD_block_size(impl->md);
             if (default_salt_len <= 0)
                 return 0;
-        } else if (strcmp(macname, "KMAC128") == 0
-                   || strcmp(macname, "KMAC256") == 0) {
+        } else if (strcmp(macname, OSSL_MAC_NAME_KMAC128) == 0
+                   || strcmp(macname, OSSL_MAC_NAME_KMAC256) == 0) {
             /* H(x) = KMACzzz(x, salt, custom) */
             custom = kmac_custom_str;
             custom_len = sizeof(kmac_custom_str);
-            if (strcmp(macname, "KMAC128") == 0)
+            if (strcmp(macname, OSSL_MAC_NAME_KMAC128) == 0)
                 default_salt_len = SSKDF_KMAC128_DEFAULT_SALT_SIZE;
             else
                 default_salt_len = SSKDF_KMAC256_DEFAULT_SALT_SIZE;
diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c
index 1df201dd3f..b53c417737 100644
--- a/crypto/kdf/tls1_prf.c
+++ b/crypto/kdf/tls1_prf.c
@@ -243,7 +243,7 @@ static int tls1_prf_P_hash(const EVP_MD *md,
     int mac_flags;
     const char *mdname = EVP_MD_name(md);
 
-    mac = EVP_MAC_fetch(NULL, "HMAC", NULL); /* Implicit fetch */
+    mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_HMAC, NULL); /* Implicit fetch */
     ctx_init = EVP_MAC_CTX_new(mac);
     if (ctx_init == NULL)
         goto err;
diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c
index 04abea25c1..626d2f37ec 100644
--- a/crypto/modes/siv128.c
+++ b/crypto/modes/siv128.c
@@ -186,7 +186,8 @@ int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
     if (key == NULL || cbc == NULL || ctr == NULL
             || (ctx->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL
             /* TODO(3.0) library context */
-            || (ctx->mac = EVP_MAC_fetch(NULL, "CMAC", NULL)) == NULL
+            || (ctx->mac =
+                EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL)) == NULL
             || (ctx->mac_ctx_init = EVP_MAC_CTX_new(ctx->mac)) == NULL
             || !EVP_MAC_CTX_set_params(ctx->mac_ctx_init, params)
             || !EVP_EncryptInit_ex(ctx->cipher_ctx, ctr, NULL, key + klen, NULL)
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index c1bc3a7d7b..76fe37ee4a 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -64,6 +64,10 @@ extern "C" {
 #define OSSL_DIGEST_PARAM_SIZE      "size" /* OSSL_PARAM_INTEGER */
 #define OSSL_DIGEST_PARAM_FLAGS     "flags" /* OSSL_PARAM_UNSIGNED_INTEGER */
 
+/* Known DIGEST names (not a complete list) */
+#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK_KMAC128"
+#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK_KMAC256"
+
 /* MAC parameters */
 #define OSSL_MAC_PARAM_KEY          "key"       /* octet string */
 #define OSSL_MAC_PARAM_IV           "iv"        /* octet string */
@@ -84,6 +88,12 @@ extern "C" {
 #define OSSL_MAC_PARAM_DIGESTSIZE   "digestsize" /* size_t */
 #define OSSL_MAC_PARAM_OUTLEN       "outlen"    /* size_t */
 
+/* Known MAC names (not a complete list) */
+#define OSSL_MAC_NAME_CMAC          "CMAC"
+#define OSSL_MAC_NAME_HMAC          "HMAC"
+#define OSSL_MAC_NAME_KMAC128       "KMAC128"
+#define OSSL_MAC_NAME_KMAC256       "KMAC256"
+
 /* PKEY parameters */
 /* Diffie-Hellman Parameters */
 #define OSSL_PKEY_PARAM_DH_P         "dh-p"
diff --git a/providers/common/macs/kmac_prov.c b/providers/common/macs/kmac_prov.c
index 84c8fce2c9..70dad09794 100644
--- a/providers/common/macs/kmac_prov.c
+++ b/providers/common/macs/kmac_prov.c
@@ -203,12 +203,12 @@ static void *kmac_fetch_new(void *provctx, const char *mdname)
 
 static void *kmac128_new(void *provctx)
 {
-    return kmac_fetch_new(provctx, "KECCAK_KMAC128");
+    return kmac_fetch_new(provctx, OSSL_DIGEST_NAME_KECCAK_KMAC128);
 }
 
 static void *kmac256_new(void *provctx)
 {
-    return kmac_fetch_new(provctx, "KECCAK_KMAC256");
+    return kmac_fetch_new(provctx, OSSL_DIGEST_NAME_KECCAK_KMAC256);
 }
 
 static void *kmac_dup(void *vsrc)
diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c
index b3d1648c0d..1a131a7995 100644
--- a/test/evp_kdf_test.c
+++ b/test/evp_kdf_test.c
@@ -15,6 +15,7 @@
 
 #include <openssl/evp.h>
 #include <openssl/kdf.h>
+#include <openssl/core_names.h>
 #include "testutil.h"
 
 static int test_kdf_tls1_prf(void)
@@ -278,7 +279,8 @@ static int test_kdf_ss_hmac(void)
 
     ret =
         TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS))
-        && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, "HMAC"), 0)
+        && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC,
+                                    OSSL_MAC_NAME_HMAC), 0)
         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD,  EVP_sha256()), 0)
         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), 0)
         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other,
@@ -317,7 +319,8 @@ static int test_kdf_ss_kmac(void)
 
     ret =
         TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS))
-        && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, "KMAC128"), 0)
+        && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC,
+                                    OSSL_MAC_NAME_KMAC128), 0)
         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z,
                                     sizeof(z)), 0)
         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other,


More information about the openssl-commits mailing list