[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Wed Sep 11 00:29:56 UTC 2019
The branch master has been updated
via 64115f05ac950390e80e3993703513cda439fca0 (commit)
via 69333af49d8ddba6b551506ddbbccea73aee4a6b (commit)
via 2e548ac9a103f9366675d58dd52ced1889688231 (commit)
via 27e27cd7ef5df70289058101df1ad2aa9b5ab139 (commit)
via 1732c260db11273792ea465e29c2018b7bab52e5 (commit)
via d810cc197737cc34fac60eee04720ad3fb0088bf (commit)
from 4a3dd6292385a23134e113a01463f9516004ae85 (commit)
- Log -----------------------------------------------------------------
commit 64115f05ac950390e80e3993703513cda439fca0
Author: Pauli <paul.dale at oracle.com>
Date: Mon Sep 9 11:42:22 2019 +1000
Usages of KDFs converted to use the name macros
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9814)
commit 69333af49d8ddba6b551506ddbbccea73aee4a6b
Author: Pauli <paul.dale at oracle.com>
Date: Mon Sep 9 11:42:00 2019 +1000
Register KDF's using their name macros rather than strings
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9814)
commit 2e548ac9a103f9366675d58dd52ced1889688231
Author: Pauli <paul.dale at oracle.com>
Date: Mon Sep 9 11:39:10 2019 +1000
Make FIPS provider use KDF name for PBKDF2
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9814)
commit 27e27cd7ef5df70289058101df1ad2aa9b5ab139
Author: Pauli <paul.dale at oracle.com>
Date: Mon Sep 9 11:37:11 2019 +1000
Update tests to (mostly) use KDF names
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9814)
commit 1732c260db11273792ea465e29c2018b7bab52e5
Author: Pauli <paul.dale at oracle.com>
Date: Mon Sep 9 11:36:48 2019 +1000
Convert SSL functions to use KDF names not SN_ strings
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9814)
commit d810cc197737cc34fac60eee04720ad3fb0088bf
Author: Pauli <paul.dale at oracle.com>
Date: Mon Sep 9 11:35:25 2019 +1000
Add macros for the KDF algorithm names.
This avoids the problems with PBKDF2 and SCRYPT not being of the same form
as the rest.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9814)
-----------------------------------------------------------------------
Summary of changes:
crypto/dh/dh_kdf.c | 2 +-
crypto/ec/ecdh_kdf.c | 2 +-
crypto/evp/p5_crpt2.c | 2 +-
crypto/evp/pbe_scrypt.c | 2 +-
include/openssl/core_names.h | 10 ++++++++++
providers/default/defltprov.c | 16 ++++++++--------
providers/fips/fipsprov.c | 10 +++++-----
ssl/t1_enc.c | 2 +-
ssl/tls13_enc.c | 4 ++--
test/evp_kdf_test.c | 22 +++++++++++-----------
10 files changed, 41 insertions(+), 31 deletions(-)
diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
index 781d34a94f..a1bbea3013 100644
--- a/crypto/dh/dh_kdf.c
+++ b/crypto/dh/dh_kdf.c
@@ -39,7 +39,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
if (oid_sn == NULL)
return 0;
- kdf = EVP_KDF_fetch(provctx, SN_x942kdf, NULL);
+ kdf = EVP_KDF_fetch(provctx, OSSL_KDF_NAME_X942KDF, NULL);
if ((kctx = EVP_KDF_CTX_new(kdf)) == NULL)
goto err;
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
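Review bot: The result of `EVP_KDF_fetch` goes straight into `EVP_KDF_CTX_new` with no NULL test of its own, so a failed fetch and a failed context allocation both end at `goto err` and cannot be told apart. A failed fetch is reachable: the defltprov.c hunk registers `OSSL_KDF_NAME_X942KDF` only under `#ifndef OPENSSL_NO_CMS`, and `fips_kdfs` does not list it at all. The t1_enc.c hunk already does `if (kdf == NULL) goto err;` directly after its fetch; adding the same line here would stop relying on `EVP_KDF_CTX_new` tolerating NULL, which this page does not show. The ecdh_kdf.c, p5_crpt2.c, pbe_scrypt.c and both tls13_enc.c hunks follow the same unchecked pattern. DH_KDF_X9_42 starts and ends outside the hunk, so its error reporting on the `err` path is not visible.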
diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c
index 55e676d20a..a19080940a 100644
--- a/crypto/ec/ecdh_kdf.c
+++ b/crypto/ec/ecdh_kdf.c
@@ -24,7 +24,7 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
EVP_KDF_CTX *kctx = NULL;
OSSL_PARAM params[4], *p = params;
const char *mdname = EVP_MD_name(md);
- EVP_KDF *kdf = EVP_KDF_fetch(NULL, SN_x963kdf, NULL);
+ EVP_KDF *kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_X963KDF, NULL);
if ((kctx = EVP_KDF_CTX_new(kdf)) != NULL) {
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index c12d35c8ab..96a72730f3 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -40,7 +40,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
if (salt == NULL && saltlen == 0)
salt = (unsigned char *)empty;
- kdf = EVP_KDF_fetch(NULL, LN_id_pbkdf2, NULL);
+ kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL);
kctx = EVP_KDF_CTX_new(kdf);
EVP_KDF_free(kdf);
if (kctx == NULL)
diff --git a/crypto/evp/pbe_scrypt.c b/crypto/evp/pbe_scrypt.c
index 7a9f6f47a4..62b9687949 100644
--- a/crypto/evp/pbe_scrypt.c
+++ b/crypto/evp/pbe_scrypt.c
@@ -62,7 +62,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
if (maxmem == 0)
maxmem = SCRYPT_MAX_MEM;
- kdf = EVP_KDF_fetch(NULL, SN_id_scrypt, NULL);
+ kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_SCRYPT, NULL);
kctx = EVP_KDF_CTX_new(kdf);
EVP_KDF_free(kdf);
if (kctx == NULL)
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 27b4588ce1..b11bc614a8 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -128,6 +128,16 @@ extern "C" {
#define OSSL_KDF_PARAM_SSHKDF_TYPE "type" /* int */
#define OSSL_KDF_PARAM_SIZE "size" /* size_t */
+/* Known KDF names */
+#define OSSL_KDF_NAME_HKDF "HKDF"
+#define OSSL_KDF_NAME_PBKDF2 "PBKDF2"
+#define OSSL_KDF_NAME_SCRYPT "id-scrypt"
+#define OSSL_KDF_NAME_SSHKDF "SSHKDF"
+#define OSSL_KDF_NAME_SSKDF "SSKDF"
+#define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF"
+#define OSSL_KDF_NAME_X942KDF "X942KDF"
+#define OSSL_KDF_NAME_X963KDF "X963KDF"
+
/* PKEY parameters */
/* Diffie-Hellman/DSA Parameters */
#define OSSL_PKEY_PARAM_FFC_P "p"
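Review bot: The comment `/* Known KDF names */` does not say what these strings are matched against, and one of them is not what its macro name suggests: `OSSL_KDF_NAME_SCRYPT` expands to `"id-scrypt"`, not `"SCRYPT"`. A definition here also does not mean the algorithm can be fetched, since defltprov.c registers X942KDF and scrypt only under `OPENSSL_NO_CMS` / `OPENSSL_NO_SCRYPT` guards and `fips_kdfs` lists just four of the eight. I would expand the comment to something like `/* Names under which providers register KDFs and which callers pass to EVP_KDF_fetch(); availability depends on provider and build options */`, and add `/* not "SCRYPT" */` beside the scrypt line.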
diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c
index 9ce918aea5..3f2ad610a9 100644
--- a/providers/default/defltprov.c
+++ b/providers/default/defltprov.c
@@ -212,17 +212,17 @@ static const OSSL_ALGORITHM deflt_macs[] = {
};
static const OSSL_ALGORITHM deflt_kdfs[] = {
- { "HKDF", "default=yes", kdf_hkdf_functions },
- { "SSKDF", "default=yes", kdf_sskdf_functions },
- { "PBKDF2", "default=yes", kdf_pbkdf2_functions },
- { "SSHKDF", "default=yes", kdf_sshkdf_functions },
- { "X963KDF", "default=yes", kdf_x963_kdf_functions },
- { "TLS1-PRF", "default=yes", kdf_tls1_prf_functions },
+ { OSSL_KDF_NAME_HKDF, "default=yes", kdf_hkdf_functions },
+ { OSSL_KDF_NAME_SSKDF, "default=yes", kdf_sskdf_functions },
+ { OSSL_KDF_NAME_PBKDF2, "default=yes", kdf_pbkdf2_functions },
+ { OSSL_KDF_NAME_SSHKDF, "default=yes", kdf_sshkdf_functions },
+ { OSSL_KDF_NAME_X963KDF, "default=yes", kdf_x963_kdf_functions },
+ { OSSL_KDF_NAME_TLS1_PRF, "default=yes", kdf_tls1_prf_functions },
#ifndef OPENSSL_NO_CMS
- { "X942KDF", "default=yes", kdf_x942_kdf_functions },
+ { OSSL_KDF_NAME_X942KDF, "default=yes", kdf_x942_kdf_functions },
#endif
#ifndef OPENSSL_NO_SCRYPT
- { "id-scrypt", "default=yes", kdf_scrypt_functions },
+ { OSSL_KDF_NAME_SCRYPT, "default=yes", kdf_scrypt_functions },
#endif
{ NULL, NULL, NULL }
};
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 59cd4080f4..e5bb9b41d6 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -122,7 +122,7 @@ static int dummy_evp_call(void *provctx)
OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
- EVP_KDF *kdf = EVP_KDF_fetch(libctx, "pbkdf2", NULL);
+ EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL);
char msg[] = "Hello World!";
const unsigned char exptd[] = {
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
@@ -346,10 +346,10 @@ static const OSSL_ALGORITHM fips_macs[] = {
};
static const OSSL_ALGORITHM fips_kdfs[] = {
- { "HKDF", "fips=yes", kdf_hkdf_functions },
- { "SSKDF", "fips=yes", kdf_sskdf_functions },
- { "PBKDF2", "fips=yes", kdf_pbkdf2_functions },
- { "TLS1-PRF", "fips=yes", kdf_tls1_prf_functions },
+ { OSSL_KDF_NAME_HKDF, "fips=yes", kdf_hkdf_functions },
+ { OSSL_KDF_NAME_SSKDF, "fips=yes", kdf_sskdf_functions },
+ { OSSL_KDF_NAME_PBKDF2, "fips=yes", kdf_pbkdf2_functions },
+ { OSSL_KDF_NAME_TLS1_PRF, "fips=yes", kdf_tls1_prf_functions },
{ NULL, NULL, NULL }
};
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 6726d8fb7d..fc082530db 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -46,7 +46,7 @@ static int tls1_PRF(SSL *s,
SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
return 0;
}
- kdf = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL);
+ kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_TLS1_PRF, NULL);
if (kdf == NULL)
goto err;
kctx = EVP_KDF_CTX_new(kdf);
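Review bot: The fetch passes NULL for both the library context and the property query, so the choice of TLS1-PRF implementation is presumably left to library-wide defaults rather than anything tied to `s`. The provider tables in this same commit register the name under both `default=yes` and `fips=yes`, so a deployment that expects the FIPS implementation has no visible guarantee at this call site. A short comment such as `/* NULL ctx and properties: implementation is chosen by the global defaults */` would record that assumption for whoever later threads a context through. The two `EVP_KDF_fetch(NULL, OSSL_KDF_NAME_HKDF, NULL)` calls in the tls13_enc.c hunks are in the same position. tls1_PRF continues outside the hunk.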
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index f7c472d1fb..2339a05aad 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -36,7 +36,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
#else
static const unsigned char label_prefix[] = "tls13 ";
#endif
- EVP_KDF *kdf = EVP_KDF_fetch(NULL, SN_hkdf, NULL);
+ EVP_KDF *kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_HKDF, NULL);
EVP_KDF_CTX *kctx;
OSSL_PARAM params[5], *p = params;
int mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY;
@@ -194,7 +194,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
#endif
unsigned char preextractsec[EVP_MAX_MD_SIZE];
- kdf = EVP_KDF_fetch(NULL, SN_hkdf, NULL);
+ kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_HKDF, NULL);
kctx = EVP_KDF_CTX_new(kdf);
EVP_KDF_free(kdf);
if (kctx == NULL) {
diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c
index abc4dccd46..6d8517ff87 100644
--- a/test/evp_kdf_test.c
+++ b/test/evp_kdf_test.c
@@ -49,7 +49,7 @@ static int test_kdf_tls1_prf(void)
*p = OSSL_PARAM_construct_end();
ret =
- TEST_ptr(kctx = get_kdfbyname(SN_tls1_prf))
+ TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
&& TEST_true(EVP_KDF_CTX_set_params(kctx, params))
&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
&& TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
@@ -79,7 +79,7 @@ static int test_kdf_hkdf(void)
*p = OSSL_PARAM_construct_end();
ret =
- TEST_ptr(kctx = get_kdfbyname(SN_hkdf))
+ TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
&& TEST_true(EVP_KDF_CTX_set_params(kctx, params))
&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
&& TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
@@ -120,7 +120,7 @@ static int test_kdf_pbkdf2(void)
*p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
*p = OSSL_PARAM_construct_end();
- if (!TEST_ptr(kctx = get_kdfbyname(LN_id_pbkdf2))
+ if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
|| !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
|| !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
|| !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))
@@ -190,7 +190,7 @@ static int test_kdf_scrypt(void)
*p = OSSL_PARAM_construct_end();
ret =
- TEST_ptr(kctx = get_kdfbyname(SN_id_scrypt))
+ TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT))
&& TEST_true(EVP_KDF_CTX_set_params(kctx, params))
/* failure test *//*
&& TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0)*/
@@ -234,7 +234,7 @@ static int test_kdf_ss_hash(void)
*p = OSSL_PARAM_construct_end();
ret =
- TEST_ptr(kctx = get_kdfbyname(SN_sskdf))
+ TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
&& TEST_true(EVP_KDF_CTX_set_params(kctx, params))
&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
&& TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
@@ -288,7 +288,7 @@ static int test_kdf_x963(void)
*p = OSSL_PARAM_construct_end();
ret =
- TEST_ptr(kctx = get_kdfbyname(SN_x963kdf))
+ TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF))
&& TEST_true(EVP_KDF_CTX_set_params(kctx, params))
&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
&& TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
@@ -331,7 +331,7 @@ static int test_kdf_ss_hmac(void)
*p = OSSL_PARAM_construct_end();
ret =
- TEST_ptr(kctx = get_kdfbyname(SN_sskdf))
+ TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
&& TEST_true(EVP_KDF_CTX_set_params(kctx, params))
&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
&& TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
@@ -377,7 +377,7 @@ static int test_kdf_ss_kmac(void)
*p = OSSL_PARAM_construct_end();
ret =
- TEST_ptr(kctx = get_kdfbyname(SN_sskdf))
+ TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
&& TEST_true(EVP_KDF_CTX_set_params(kctx, params))
&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
&& TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
@@ -435,7 +435,7 @@ static int test_kdf_sshkdf(void)
*p = OSSL_PARAM_construct_end();
ret =
- TEST_ptr(kctx = get_kdfbyname(SN_sshkdf))
+ TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF))
&& TEST_true(EVP_KDF_CTX_set_params(kctx, params))
&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
&& TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
@@ -451,7 +451,7 @@ static int test_kdf_get_kdf(void)
int ok = 1;
if (!TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2))
- || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, LN_id_pbkdf2, NULL))
+ || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL))
|| !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(OBJ_obj2nid(obj)),
NULL))
|| !TEST_ptr_eq(kdf1, kdf2))
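Review bot: This is the only place on the page where a new name macro is checked against the object-table name it replaces, and it covers PBKDF2 alone. The other hunks swap `SN_hkdf`, `SN_tls1_prf`, `SN_sskdf`, `SN_sshkdf`, `SN_x942kdf`, `SN_x963kdf` and `SN_id_scrypt` for hand-written literals in core_names.h, so a later edit to either side would silently break callers that still derive the name from a NID. One string comparison per name, for example `TEST_str_eq(OSSL_KDF_NAME_SCRYPT, SN_id_scrypt)`, would pin the equivalence. test_kdf_get_kdf extends beyond the hunk, so further checks may already exist there.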
@@ -509,7 +509,7 @@ static int test_kdf_x942_asn1(void)
*p = OSSL_PARAM_construct_end();
ret =
- TEST_ptr(kctx = get_kdfbyname(SN_x942kdf))
+ TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF))
&& TEST_true(EVP_KDF_CTX_set_params(kctx, params))
&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
&& TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));