[openssl] master update
patrick.steuer at de.ibm.com
patrick.steuer at de.ibm.com
Thu Jan 28 15:09:30 UTC 2021
The branch master has been updated
via d744934b756bc71344818a2cb60b13dd89954afb (commit)
via 270a5ce1d9ea579a2f1d45887971582b1ef2b6a1 (commit)
from 732a4d15b0da7c04437ea828b2915a691b6e38db (commit)
- Log -----------------------------------------------------------------
commit d744934b756bc71344818a2cb60b13dd89954afb
Author: Juergen Christ <jchrist at linux.ibm.com>
Date: Tue Jan 26 17:06:54 2021 +0100
Remove superfluous EVP_KDF_CTRL_ defines.
These defines were never used and not needed.
Signed-off-by: Juergen Christ <jchrist at linux.ibm.com>
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer at de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13781)
commit 270a5ce1d9ea579a2f1d45887971582b1ef2b6a1
Author: Juergen Christ <jchrist at linux.ibm.com>
Date: Mon Dec 14 17:36:22 2020 +0100
Fix parameter types in sshkdf
Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string
parameters. This caused endianness problems on big-endian machines. As a
result, it is not possible to pass FIPS tests since the parameter was stored
with an integer value but read via a cast to char pointer. While this works
on little endian machines, big endian s390 read the most significant bits
instead of the least significant (as done by, e.g., x86). Change the
parameter to char array and fix the usages.
Signed-off-by: Juergen Christ <jchrist at linux.ibm.com>
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer at de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13781)
-----------------------------------------------------------------------
Summary of changes:
doc/man7/EVP_KDF-SSHKDF.pod | 21 +++++++++---------
doc/man7/provider-kdf.pod | 2 +-
include/openssl/kdf.h | 39 +++++++--------------------------
providers/fips/self_test_data.inc | 4 ++--
providers/implementations/kdfs/sshkdf.c | 12 +++++-----
test/evp_kdf_test.c | 4 ++--
6 files changed, 31 insertions(+), 51 deletions(-)
diff --git a/doc/man7/EVP_KDF-SSHKDF.pod b/doc/man7/EVP_KDF-SSHKDF.pod
index 454bb6b699..2b2f0cc227 100644
--- a/doc/man7/EVP_KDF-SSHKDF.pod
+++ b/doc/man7/EVP_KDF-SSHKDF.pod
@@ -41,9 +41,9 @@ These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.
These parameters set the respective values for the KDF.
If a value is already set, the contents are replaced.
-=item "type" (B<OSSL_KDF_PARAM_SSHKDF_TYPE>) <integer>
+=item "type" (B<OSSL_KDF_PARAM_SSHKDF_TYPE>) <UTF8 string>
-This parameter sets the type for the SSHHKDF operation.
+This parameter sets the type for the SSHKDF operation.
There are six supported types:
=over 4
@@ -51,32 +51,32 @@ There are six supported types:
=item EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV
The Initial IV from client to server.
-A single char of value 65 (ASCII char 'A').
+Char array initializer of value {65, 0}, i.e., ASCII string "A".
=item EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI
The Initial IV from server to client
-A single char of value 66 (ASCII char 'B').
+Char array initializer of value {66, 0}, i.e., ASCII string "B".
=item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV
The Encryption Key from client to server
-A single char of value 67 (ASCII char 'C').
+Char array initializer of value {67, 0}, i.e., ASCII string "C".
=item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI
The Encryption Key from server to client
-A single char of value 68 (ASCII char 'D').
+Char array initializer of value {68, 0}, i.e., ASCII string "D".
=item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV
The Integrity Key from client to server
-A single char of value 69 (ASCII char 'E').
+Char array initializer of value {69, 0}, i.e., ASCII string "E".
=item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI
The Integrity Key from client to server
-A single char of value 70 (ASCII char 'F').
+Char array initializer of value {70, 0}, i.e., ASCII string "F".
=back
@@ -103,6 +103,7 @@ This example derives an 8 byte IV using SHA-256 with a 1K "key" and appropriate
EVP_KDF *kdf;
EVP_KDF_CTX *kctx;
+ const char type[] = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
unsigned char key[1024] = "01234...";
unsigned char xcghash[32] = "012345...";
unsigned char session_id[32] = "012345...";
@@ -122,8 +123,8 @@ This example derives an 8 byte IV using SHA-256 with a 1K "key" and appropriate
xcghash, (size_t)32);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
session_id, (size_t)32);
- *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_SSHKDF_TYPE,
- EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV);
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
+ type, sizeof(type));
*p = OSSL_PARAM_construct_end();
if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
/* Error */
diff --git a/doc/man7/provider-kdf.pod b/doc/man7/provider-kdf.pod
index 07aaf373c6..be0bc7b51b 100644
--- a/doc/man7/provider-kdf.pod
+++ b/doc/man7/provider-kdf.pod
@@ -246,7 +246,7 @@ Sets the xcghash in the associated KDF ctx.
Sets the session ID in the associated KDF ctx.
-=item "type" (B<OSSL_KDF_PARAM_SSHKDF_TYPE>) <integer>
+=item "type" (B<OSSL_KDF_PARAM_SSHKDF_TYPE>) <UTF8 string>
Sets the SSH KDF type parameter in the associated KDF ctx.
There are six supported types:
diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
index 7f89f75270..f5a1dab62e 100644
--- a/include/openssl/kdf.h
+++ b/include/openssl/kdf.h
@@ -56,41 +56,18 @@ void EVP_KDF_names_do_all(const EVP_KDF *kdf,
void (*fn)(const char *name, void *data),
void *data);
-# define EVP_KDF_CTRL_SET_PASS 0x01 /* unsigned char *, size_t */
-# define EVP_KDF_CTRL_SET_SALT 0x02 /* unsigned char *, size_t */
-# define EVP_KDF_CTRL_SET_ITER 0x03 /* int */
-# define EVP_KDF_CTRL_SET_MD 0x04 /* EVP_MD * */
-# define EVP_KDF_CTRL_SET_KEY 0x05 /* unsigned char *, size_t */
-# define EVP_KDF_CTRL_SET_MAXMEM_BYTES 0x06 /* uint64_t */
-# define EVP_KDF_CTRL_SET_TLS_SECRET 0x07 /* unsigned char *, size_t */
-# define EVP_KDF_CTRL_ADD_TLS_SEED 0x08 /* unsigned char *, size_t */
-# define EVP_KDF_CTRL_RESET_HKDF_INFO 0x09
-# define EVP_KDF_CTRL_ADD_HKDF_INFO 0x0a /* unsigned char *, size_t */
-# define EVP_KDF_CTRL_SET_HKDF_MODE 0x0b /* int */
-# define EVP_KDF_CTRL_SET_SCRYPT_N 0x0c /* uint64_t */
-# define EVP_KDF_CTRL_SET_SCRYPT_R 0x0d /* uint32_t */
-# define EVP_KDF_CTRL_SET_SCRYPT_P 0x0e /* uint32_t */
-# define EVP_KDF_CTRL_SET_SSHKDF_XCGHASH 0x0f /* unsigned char *, size_t */
-# define EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID 0x10 /* unsigned char *, size_t */
-# define EVP_KDF_CTRL_SET_SSHKDF_TYPE 0x11 /* int */
-# define EVP_KDF_CTRL_SET_MAC 0x12 /* EVP_MAC * */
-# define EVP_KDF_CTRL_SET_MAC_SIZE 0x13 /* size_t */
-# define EVP_KDF_CTRL_SET_SSKDF_INFO 0x14 /* unsigned char *, size_t */
-# define EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE 0x15 /* int */
-# define EVP_KDF_CTRL_SET_UKM 0x16 /* unsigned char *, size_t */
-# define EVP_KDF_CTRL_SET_CEK_ALG 0x17 /* char * */
-# define EVP_KDF_CTRL_SET_SHARED_INFO EVP_KDF_CTRL_SET_SSKDF_INFO
-
# define EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND 0
# define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1
# define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2
-#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65
-#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66
-#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
-#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI 68
-#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV 69
-#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI 70
+/* SSHKDF key exchange stages.*/
+/* See https://tools.ietf.org/html/rfc4253#section-7.2 */
+#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV {65, 0}
+#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI {66, 0}
+#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV {67, 0}
+#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI {68, 0}
+#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV {69, 0}
+#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI {70, 0}
/**** The legacy PKEY-based KDF API follows. ****/
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
index 4a9bcf450e..7631d682e5 100644
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
@@ -351,7 +351,7 @@ static const ST_KAT_PARAM pbkdf2_params[] = {
};
static const char sshkdf_digest[] = "SHA1";
-static int sshkdf_type = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
+static const char sshkdf_type[] = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
static const unsigned char sshkdf_key[] = {
0x00, 0x00, 0x00, 0x80, 0x55, 0xba, 0xe9, 0x31,
0xc0, 0x7f, 0xd8, 0x24, 0xbf, 0x10, 0xad, 0xd1,
@@ -386,7 +386,7 @@ static const unsigned char sshkdf_expected[] = {
};
static const ST_KAT_PARAM sshkdf_params[] = {
ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sshkdf_digest),
- ST_KAT_PARAM_INT(OSSL_KDF_PARAM_SSHKDF_TYPE, sshkdf_type),
+ ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_SSHKDF_TYPE, sshkdf_type),
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, sshkdf_key),
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SSHKDF_XCGHASH, sshkdf_xcghash),
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SSHKDF_SESSION_ID, sshkdf_session_id),
diff --git a/providers/implementations/kdfs/sshkdf.c b/providers/implementations/kdfs/sshkdf.c
index daf0dd2e87..e86c502184 100644
--- a/providers/implementations/kdfs/sshkdf.c
+++ b/providers/implementations/kdfs/sshkdf.c
@@ -135,7 +135,6 @@ static int kdf_sshkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
const OSSL_PARAM *p;
KDF_SSHKDF *ctx = vctx;
OSSL_LIB_CTX *provctx = PROV_LIBCTX_OF(ctx->provctx);
- int t;
if (!ossl_prov_digest_load_from_params(&ctx->digest, params, provctx))
return 0;
@@ -156,14 +155,17 @@ static int kdf_sshkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SSHKDF_TYPE))
!= NULL) {
- if (p->data == NULL || p->data_size == 0)
+ const char *kdftype;
+
+ if (!OSSL_PARAM_get_utf8_string_ptr(p, &kdftype))
+ return 0;
+ if (kdftype == NULL || kdftype[0] == '\0' || kdftype[1] != '\0')
return 0;
- t = *(unsigned char *)p->data;
- if (t < 65 || t > 70) {
+ if (kdftype[0] < 65 || kdftype[0] > 70) {
ERR_raise(ERR_LIB_PROV, PROV_R_VALUE_ERROR);
return 0;
}
- ctx->type = (char)t;
+ ctx->type = kdftype[0];
}
return 1;
}
diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c
index d56e14cdb0..b0e8d2b5fb 100644
--- a/test/evp_kdf_test.c
+++ b/test/evp_kdf_test.c
@@ -1207,7 +1207,7 @@ static int test_kdf_sshkdf(void)
int ret;
EVP_KDF_CTX *kctx;
OSSL_PARAM params[6], *p = params;
- char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
+ char kdftype[] = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
unsigned char out[8];
/* Test data from NIST CAVS 14.1 test vectors */
static unsigned char key[] = {
@@ -1247,7 +1247,7 @@ static int test_kdf_sshkdf(void)
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
sessid, sizeof(sessid));
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
- &kdftype, sizeof(kdftype));
+ kdftype, sizeof(kdftype));
*p = OSSL_PARAM_construct_end();
ret =
More information about the openssl-commits
mailing list