[openssl] master update
tomas at openssl.org
tomas at openssl.org
Thu Jul 22 11:53:26 UTC 2021
The branch master has been updated
via a983764e17551b2988bd684279ac9e9077d84601 (commit)
via 929f651eaa763625eab602516706a1bf4ba3bc32 (commit)
via 5dc6489bb6026b679eb6cbe696e4227da9c7032e (commit)
from 981a5b7ce3bcdf4748162073c3dbd096c82d3c69 (commit)
- Log -----------------------------------------------------------------
commit a983764e17551b2988bd684279ac9e9077d84601
Author: Matt Caswell <matt at openssl.org>
Date: Tue Jul 20 16:18:58 2021 +0100
Add a test for custom EVP_PKEY_METHODs
Adds a test for using custom EVP_PKEY_METHODs without an ENGINE. As part
of this we also test having a custom EVP_PKEY_METHOD that wraps a built-in
EVP_PKEY_METHOD. We do this for both legacy and provided keys.
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16118)
commit 929f651eaa763625eab602516706a1bf4ba3bc32
Author: Matt Caswell <matt at openssl.org>
Date: Mon Jul 19 16:17:50 2021 +0100
Fix custom EVP_PKEY_METHOD implementations where no engine is present
It is possible to have a custom EVP_PKEY_METHOD implementation without
having an engine. In those cases we were failing to use that custom
implementation.
Fixes #16088
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16118)
commit 5dc6489bb6026b679eb6cbe696e4227da9c7032e
Author: Matt Caswell <matt at openssl.org>
Date: Tue Jul 20 09:58:53 2021 +0100
Update our EVP_PKEY_METHODs to get low level keys via public APIs
It is possible to call built-in EVP_PKEY_METHOD functions with a provided
key. For example this might occur if a custom EVP_PKEY_METHOD is in use
that wraps a built-in EVP_PKEY_METHOD. Therefore our EVP_PKEY_METHOD
functions should not assume that we are using a legacy key. Instead we
get the low level key using EVP_PKEY_get0_RSA() or other similar functions.
This "does the right thing" if the key is actually provided.
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16118)
-----------------------------------------------------------------------
Summary of changes:
crypto/dh/dh_pmeth.c | 4 +-
crypto/dsa/dsa_pmeth.c | 16 ++-
crypto/ec/ec_pmeth.c | 30 ++++-
crypto/ec/ecx_meth.c | 20 +--
crypto/evp/pmeth_lib.c | 43 +++----
crypto/rsa/rsa_pmeth.c | 67 ++++++----
include/crypto/evp.h | 13 +-
test/evp_extra_test.c | 328 +++++++++++++++++++++++++++++++++++++++++++++++++
8 files changed, 443 insertions(+), 78 deletions(-)
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index f742bf75cf..1ad50b850d 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -392,7 +392,7 @@ static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
/* Note: if error return, pkey is freed by parent routine */
if (ctx->pkey != NULL && !EVP_PKEY_copy_parameters(pkey, ctx->pkey))
return 0;
- return DH_generate_key(pkey->pkey.dh);
+ return DH_generate_key((DH *)EVP_PKEY_get0_DH(pkey));
}
static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
@@ -408,7 +408,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
ERR_raise(ERR_LIB_DH, DH_R_KEYS_NOT_SET);
return 0;
}
- dh = ctx->pkey->pkey.dh;
+ dh = (DH *)EVP_PKEY_get0_DH(ctx->pkey);
dhpub = EVP_PKEY_get0_DH(ctx->peerkey);
if (dhpub == NULL) {
ERR_raise(ERR_LIB_DH, DH_R_KEYS_NOT_SET);
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index ffb19da580..ba6be720a2 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -81,7 +81,12 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
int ret;
unsigned int sltmp;
DSA_PKEY_CTX *dctx = ctx->data;
- DSA *dsa = ctx->pkey->pkey.dsa;
+ /*
+ * Discard const. Its marked as const because this may be a cached copy of
+ * the "real" key. These calls don't make any modifications that need to
+ * be reflected back in the "original" key.
+ */
+ DSA *dsa = (DSA *)EVP_PKEY_get0_DSA(ctx->pkey);
if (dctx->md != NULL && tbslen != (size_t)EVP_MD_get_size(dctx->md))
return 0;
@@ -100,7 +105,12 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
{
int ret;
DSA_PKEY_CTX *dctx = ctx->data;
- DSA *dsa = ctx->pkey->pkey.dsa;
+ /*
+ * Discard const. Its marked as const because this may be a cached copy of
+ * the "real" key. These calls don't make any modifications that need to
+ * be reflected back in the "original" key.
+ */
+ DSA *dsa = (DSA *)EVP_PKEY_get0_DSA(ctx->pkey);
if (dctx->md != NULL && tbslen != (size_t)EVP_MD_get_size(dctx->md))
return 0;
@@ -245,7 +255,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
/* Note: if error return, pkey is freed by parent routine */
if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
return 0;
- return DSA_generate_key(pkey->pkey.dsa);
+ return DSA_generate_key((DSA *)EVP_PKEY_get0_DSA(pkey));
}
static const EVP_PKEY_METHOD dsa_pkey_meth = {
diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index ce658e14ca..19e2f0d0c0 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -109,7 +109,12 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
int ret, type;
unsigned int sltmp;
EC_PKEY_CTX *dctx = ctx->data;
- EC_KEY *ec = ctx->pkey->pkey.ec;
+ /*
+ * Discard const. Its marked as const because this may be a cached copy of
+ * the "real" key. These calls don't make any modifications that need to
+ * be reflected back in the "original" key.
+ */
+ EC_KEY *ec = (EC_KEY *)EVP_PKEY_get0_EC_KEY(ctx->pkey);
const int sig_sz = ECDSA_size(ec);
/* ensure cast to size_t is safe */
@@ -142,7 +147,12 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
{
int ret, type;
EC_PKEY_CTX *dctx = ctx->data;
- EC_KEY *ec = ctx->pkey->pkey.ec;
+ /*
+ * Discard const. Its marked as const because this may be a cached copy of
+ * the "real" key. These calls don't make any modifications that need to
+ * be reflected back in the "original" key.
+ */
+ EC_KEY *ec = (EC_KEY *)EVP_PKEY_get0_EC_KEY(ctx->pkey);
if (dctx->md)
type = EVP_MD_get_type(dctx->md);
@@ -174,7 +184,8 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
return 0;
}
- eckey = dctx->co_key ? dctx->co_key : ctx->pkey->pkey.ec;
+ eckey = dctx->co_key ? dctx->co_key
+ : (EC_KEY *)EVP_PKEY_get0_EC_KEY(ctx->pkey);
if (!key) {
const EC_GROUP *group;
@@ -266,14 +277,23 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
if (dctx->cofactor_mode != -1)
return dctx->cofactor_mode;
else {
- EC_KEY *ec_key = ctx->pkey->pkey.ec;
+ const EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(ctx->pkey);
return EC_KEY_get_flags(ec_key) & EC_FLAG_COFACTOR_ECDH ? 1 : 0;
}
} else if (p1 < -1 || p1 > 1)
return -2;
dctx->cofactor_mode = p1;
if (p1 != -1) {
- EC_KEY *ec_key = ctx->pkey->pkey.ec;
+ EC_KEY *ec_key = (EC_KEY *)EVP_PKEY_get0_EC_KEY(ctx->pkey);
+
+ /*
+ * We discarded the "const" above. This will only work if the key is
+ * a "real" legacy key, and not a cached copy of a provided key
+ */
+ if (evp_pkey_is_provided(ctx->pkey)) {
+ ERR_raise(ERR_LIB_EC, ERR_R_UNSUPPORTED);
+ return 0;
+ }
if (!ec_key->group)
return -2;
/* If cofactor is 1 cofactor mode does nothing */
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index c4bbb0a535..9098decf2f 100644
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -732,8 +732,8 @@ static int validate_ecx_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
ERR_raise(ERR_LIB_EC, EC_R_KEYS_NOT_SET);
return 0;
}
- ecxkey = ctx->pkey->pkey.ecx;
- peerkey = EVP_PKEY_get0(ctx->peerkey);
+ ecxkey = evp_pkey_get_legacy(ctx->pkey);
+ peerkey = evp_pkey_get_legacy(ctx->peerkey);
if (ecxkey == NULL || ecxkey->privkey == NULL) {
ERR_raise(ERR_LIB_EC, EC_R_INVALID_PRIVATE_KEY);
return 0;
@@ -806,7 +806,7 @@ static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig,
size_t *siglen, const unsigned char *tbs,
size_t tbslen)
{
- const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
+ const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
if (sig == NULL) {
*siglen = ED25519_SIGSIZE;
@@ -828,7 +828,7 @@ static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig,
size_t *siglen, const unsigned char *tbs,
size_t tbslen)
{
- const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
+ const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
if (sig == NULL) {
*siglen = ED448_SIGSIZE;
@@ -850,7 +850,7 @@ static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs,
size_t tbslen)
{
- const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
+ const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
if (siglen != ED25519_SIGSIZE)
return 0;
@@ -863,7 +863,7 @@ static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs,
size_t tbslen)
{
- const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
+ const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
if (siglen != ED448_SIGSIZE)
return 0;
@@ -1177,7 +1177,7 @@ static int s390x_pkey_ecd_digestsign25519(EVP_MD_CTX *ctx,
} ed25519;
unsigned long long buff[512];
} param;
- const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
+ const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
int rc;
if (sig == NULL) {
@@ -1217,7 +1217,7 @@ static int s390x_pkey_ecd_digestsign448(EVP_MD_CTX *ctx,
} ed448;
unsigned long long buff[512];
} param;
- const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
+ const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
int rc;
if (sig == NULL) {
@@ -1260,7 +1260,7 @@ static int s390x_pkey_ecd_digestverify25519(EVP_MD_CTX *ctx,
} ed25519;
unsigned long long buff[512];
} param;
- const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
+ const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
if (siglen != ED25519_SIGSIZE)
return 0;
@@ -1287,7 +1287,7 @@ static int s390x_pkey_ecd_digestverify448(EVP_MD_CTX *ctx,
} ed448;
unsigned long long buff[512];
} param;
- const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
+ const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
if (siglen != ED448_SIGSIZE)
return 0;
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index c214163588..040a1a8d10 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -184,36 +184,33 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
{
EVP_PKEY_CTX *ret = NULL;
- const EVP_PKEY_METHOD *pmeth = NULL;
+ const EVP_PKEY_METHOD *pmeth = NULL, *app_pmeth = NULL;
EVP_KEYMGMT *keymgmt = NULL;
- /*
- * If the given |pkey| is provided, we extract the keytype from its
- * keymgmt and skip over the legacy code.
- */
- if (pkey != NULL && evp_pkey_is_provided(pkey)) {
- /* If we have an engine, something went wrong somewhere... */
- if (!ossl_assert(e == NULL))
- return NULL;
- keytype = EVP_KEYMGMT_get0_name(pkey->keymgmt);
- goto common;
- }
-
-#ifndef FIPS_MODULE
/* Code below to be removed when legacy support is dropped. */
/* BEGIN legacy */
if (id == -1) {
- if (pkey != NULL)
+ if (pkey != NULL && !evp_pkey_is_provided(pkey)) {
id = pkey->type;
- else if (keytype != NULL)
- id = evp_pkey_name2type(keytype);
- if (id == NID_undef)
- id = -1;
+ } else {
+ if (pkey != NULL) {
+ /* Must be provided if we get here */
+ keytype = EVP_KEYMGMT_get0_name(pkey->keymgmt);
+ }
+#ifndef FIPS_MODULE
+ if (keytype != NULL) {
+ id = evp_pkey_name2type(keytype);
+ if (id == NID_undef)
+ id = -1;
+ }
+#endif
+ }
}
/* If no ID was found here, we can only resort to find a keymgmt */
if (id == -1)
goto common;
+#ifndef FIPS_MODULE
/*
* Here, we extract what information we can for the purpose of
* supporting usage with implementations from providers, to make
@@ -253,16 +250,16 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
pmeth = EVP_PKEY_meth_find(id);
else
# endif
- pmeth = evp_pkey_meth_find_added_by_application(id);
+ app_pmeth = pmeth = evp_pkey_meth_find_added_by_application(id);
/* END legacy */
#endif /* FIPS_MODULE */
common:
/*
- * If there's no engine and there's a name, we try fetching a provider
- * implementation.
+ * If there's no engine and no app supplied pmeth and there's a name, we try
+ * fetching a provider implementation.
*/
- if (e == NULL && keytype != NULL) {
+ if (e == NULL && app_pmeth == NULL && keytype != NULL) {
keymgmt = EVP_KEYMGMT_fetch(libctx, keytype, propquery);
if (keymgmt == NULL)
return NULL; /* EVP_KEYMGMT_fetch() recorded an error */
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 110d998ebd..44c819a5c3 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -111,7 +111,8 @@ static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
{
if (ctx->tbuf != NULL)
return 1;
- if ((ctx->tbuf = OPENSSL_malloc(RSA_size(pk->pkey->pkey.rsa))) == NULL) {
+ if ((ctx->tbuf =
+ OPENSSL_malloc(RSA_size(EVP_PKEY_get0_RSA(pk->pkey)))) == NULL) {
ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -135,7 +136,12 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
{
int ret;
RSA_PKEY_CTX *rctx = ctx->data;
- RSA *rsa = ctx->pkey->pkey.rsa;
+ /*
+ * Discard const. Its marked as const because this may be a cached copy of
+ * the "real" key. These calls don't make any modifications that need to
+ * be reflected back in the "original" key.
+ */
+ RSA *rsa = (RSA *)EVP_PKEY_get0_RSA(ctx->pkey);
if (rctx->md) {
if (tbslen != (size_t)EVP_MD_get_size(rctx->md)) {
@@ -147,8 +153,7 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
unsigned int sltmp;
if (rctx->pad_mode != RSA_PKCS1_PADDING)
return -1;
- ret = RSA_sign_ASN1_OCTET_STRING(0,
- tbs, tbslen, sig, &sltmp, rsa);
+ ret = RSA_sign_ASN1_OCTET_STRING(0, tbs, tbslen, sig, &sltmp, rsa);
if (ret <= 0)
return ret;
@@ -187,8 +192,7 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
return -1;
}
} else {
- ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
- rctx->pad_mode);
+ ret = RSA_private_encrypt(tbslen, tbs, sig, rsa, rctx->pad_mode);
}
if (ret < 0)
return ret;
@@ -202,13 +206,18 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
{
int ret;
RSA_PKEY_CTX *rctx = ctx->data;
+ /*
+ * Discard const. Its marked as const because this may be a cached copy of
+ * the "real" key. These calls don't make any modifications that need to
+ * be reflected back in the "original" key.
+ */
+ RSA *rsa = (RSA *)EVP_PKEY_get0_RSA(ctx->pkey);
if (rctx->md) {
if (rctx->pad_mode == RSA_X931_PADDING) {
if (!setup_tbuf(rctx, ctx))
return -1;
- ret = RSA_public_decrypt(siglen, sig,
- rctx->tbuf, ctx->pkey->pkey.rsa,
+ ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa,
RSA_X931_PADDING);
if (ret < 1)
return 0;
@@ -227,7 +236,7 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
size_t sltmp;
ret = ossl_rsa_verify(EVP_MD_get_type(rctx->md),
NULL, 0, rout, &sltmp,
- sig, siglen, ctx->pkey->pkey.rsa);
+ sig, siglen, rsa);
if (ret <= 0)
return 0;
ret = sltmp;
@@ -235,8 +244,7 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
return -1;
}
} else {
- ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
- rctx->pad_mode);
+ ret = RSA_public_decrypt(siglen, sig, rout, rsa, rctx->pad_mode);
}
if (ret < 0)
return ret;
@@ -249,7 +257,12 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
const unsigned char *tbs, size_t tbslen)
{
RSA_PKEY_CTX *rctx = ctx->data;
- RSA *rsa = ctx->pkey->pkey.rsa;
+ /*
+ * Discard const. Its marked as const because this may be a cached copy of
+ * the "real" key. These calls don't make any modifications that need to
+ * be reflected back in the "original" key.
+ */
+ RSA *rsa = (RSA *)EVP_PKEY_get0_RSA(ctx->pkey);
size_t rslen;
if (rctx->md) {
@@ -302,9 +315,15 @@ static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx,
{
int ret;
RSA_PKEY_CTX *rctx = ctx->data;
+ /*
+ * Discard const. Its marked as const because this may be a cached copy of
+ * the "real" key. These calls don't make any modifications that need to
+ * be reflected back in the "original" key.
+ */
+ RSA *rsa = (RSA *)EVP_PKEY_get0_RSA(ctx->pkey);
if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
- int klen = RSA_size(ctx->pkey->pkey.rsa);
+ int klen = RSA_size(rsa);
if (!setup_tbuf(rctx, ctx))
return -1;
if (!RSA_padding_add_PKCS1_OAEP_mgf1(rctx->tbuf, klen,
@@ -313,11 +332,9 @@ static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx,
rctx->oaep_labellen,
rctx->md, rctx->mgf1md))
return -1;
- ret = RSA_public_encrypt(klen, rctx->tbuf, out,
- ctx->pkey->pkey.rsa, RSA_NO_PADDING);
+ ret = RSA_public_encrypt(klen, rctx->tbuf, out, rsa, RSA_NO_PADDING);
} else {
- ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
- rctx->pad_mode);
+ ret = RSA_public_encrypt(inlen, in, out, rsa, rctx->pad_mode);
}
if (ret < 0)
return ret;
@@ -331,12 +348,17 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
{
int ret;
RSA_PKEY_CTX *rctx = ctx->data;
+ /*
+ * Discard const. Its marked as const because this may be a cached copy of
+ * the "real" key. These calls don't make any modifications that need to
+ * be reflected back in the "original" key.
+ */
+ RSA *rsa = (RSA *)EVP_PKEY_get0_RSA(ctx->pkey);
if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
if (!setup_tbuf(rctx, ctx))
return -1;
- ret = RSA_private_decrypt(inlen, in, rctx->tbuf,
- ctx->pkey->pkey.rsa, RSA_NO_PADDING);
+ ret = RSA_private_decrypt(inlen, in, rctx->tbuf, rsa, RSA_NO_PADDING);
if (ret <= 0)
return ret;
ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, ret, rctx->tbuf,
@@ -345,8 +367,7 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
rctx->oaep_labellen,
rctx->md, rctx->mgf1md);
} else {
- ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
- rctx->pad_mode);
+ ret = RSA_private_decrypt(inlen, in, out, rsa, rctx->pad_mode);
}
*outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret);
ret = constant_time_select_int(constant_time_msb(ret), ret, 1);
@@ -805,7 +826,7 @@ const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void)
static int pkey_pss_init(EVP_PKEY_CTX *ctx)
{
- RSA *rsa;
+ const RSA *rsa;
RSA_PKEY_CTX *rctx = ctx->data;
const EVP_MD *md;
const EVP_MD *mgf1md;
@@ -814,7 +835,7 @@ static int pkey_pss_init(EVP_PKEY_CTX *ctx)
/* Should never happen */
if (!pkey_ctx_is_pss(ctx))
return 0;
- rsa = ctx->pkey->pkey.rsa;
+ rsa = EVP_PKEY_get0_RSA(ctx->pkey);
/* If no restrictions just return */
if (rsa->pss == NULL)
return 1;
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 3707977d9d..68aab33cae 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -22,19 +22,8 @@
*/
#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400
-/*
- * An EVP_PKEY_CTX can have the following support states:
- *
- * Supports legacy implementations only:
- *
- * engine != NULL || keytype == NULL
- *
- * Supports provided implementations:
- *
- * engine == NULL && keytype != NULL
- */
#define evp_pkey_ctx_is_legacy(ctx) \
- ((ctx)->engine != NULL || (ctx)->keytype == NULL)
+ ((ctx)->keymgmt == NULL)
#define evp_pkey_ctx_is_provided(ctx) \
(!evp_pkey_ctx_is_legacy(ctx))
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index f10e0077ec..5358a54a6d 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -400,6 +400,47 @@ static const unsigned char kExampleED25519PubKeyDER[] = {
0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
};
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+static const unsigned char kExampleX25519KeyDER[] = {
+ 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
+ 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
+ 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
+ 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
+};
+# endif
+#endif
+
+/* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_DH
+static const unsigned char kExampleDHKeyDER[] = {
+ 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
+ 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
+ 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
+ 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
+ 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
+ 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
+ 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
+ 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
+ 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
+ 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
+ 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
+ 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
+ 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
+ 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
+ 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
+ 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
+ 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
+ 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
+ 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
+ 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
+ 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
+ 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
+ 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
+ 0x2e, 0x87, 0x2a, 0x0b, 0x7a
+};
+# endif
#endif
static const unsigned char kCFBDefaultKey[] = {
@@ -558,6 +599,36 @@ static EVP_PKEY *load_example_dsa_key(void)
}
#endif
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_DH
+static EVP_PKEY *load_example_dh_key(void)
+{
+ return load_example_key("DH", kExampleDHKeyDER,
+ sizeof(kExampleDHKeyDER));
+}
+# endif
+
+# ifndef OPENSSL_NO_EC
+static EVP_PKEY *load_example_ec_key(void)
+{
+ return load_example_key("EC", kExampleECKeyDER,
+ sizeof(kExampleECKeyDER));
+}
+
+static EVP_PKEY *load_example_ed25519_key(void)
+{
+ return load_example_key("ED25519", kExampleED25519KeyDER,
+ sizeof(kExampleED25519KeyDER));
+}
+
+static EVP_PKEY *load_example_x25519_key(void)
+{
+ return load_example_key("X25519", kExampleX25519KeyDER,
+ sizeof(kExampleX25519KeyDER));
+}
+# endif
+#endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
static EVP_PKEY *load_example_hmac_key(void)
{
EVP_PKEY *pkey = NULL;
@@ -3367,6 +3438,259 @@ static int test_gcm_reinit(int idx)
return testresult;
}
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+static EVP_PKEY_METHOD *custom_pmeth = NULL;
+static const EVP_PKEY_METHOD *orig_pmeth = NULL;
+
+# define EVP_PKEY_CTRL_MY_COMMAND 9999
+
+static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
+{
+ int (*pinit)(EVP_PKEY_CTX *ctx);
+
+ EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
+ return pinit(ctx);
+}
+
+static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
+{
+ void (*pcleanup)(EVP_PKEY_CTX *ctx);
+
+ EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
+ pcleanup(ctx);
+}
+
+static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
+ size_t *outlen, const unsigned char *in,
+ size_t inlen)
+{
+ int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+ const unsigned char *tbs, size_t tbslen);
+
+ EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
+ return psign(ctx, out, outlen, in, inlen);
+}
+
+static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
+ size_t *siglen, const unsigned char *tbs,
+ size_t tbslen)
+{
+ int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
+ const unsigned char *tbs, size_t tbslen);
+
+ EVP_PKEY_meth_get_digestsign((EVP_PKEY_METHOD *)orig_pmeth, &pdigestsign);
+ return pdigestsign(ctx, sig, siglen, tbs, tbslen);
+}
+
+static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+ size_t *keylen)
+{
+ int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+
+ EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
+ return pderive(ctx, key, keylen);
+}
+
+static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
+{
+ int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
+
+ EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
+ return pcopy(dst, src);
+}
+
+static int ctrl_called;
+
+static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+ int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
+
+ EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
+
+ if (type == EVP_PKEY_CTRL_MY_COMMAND) {
+ ctrl_called = 1;
+ return 1;
+ }
+
+ return pctrl(ctx, type, p1, p2);
+}
+
+static int test_custom_pmeth(int idx)
+{
+ EVP_PKEY_CTX *pctx = NULL;
+ EVP_MD_CTX *ctx = NULL;
+ EVP_PKEY *pkey = NULL;
+ int id, orig_id, orig_flags;
+ int testresult = 0;
+ size_t reslen;
+ unsigned char *res = NULL;
+ unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
+ const EVP_MD *md = EVP_sha256();
+ int doderive = 0;
+
+ ctrl_called = 0;
+
+ /* We call deprecated APIs so this test doesn't support a custom libctx */
+ if (testctx != NULL)
+ return 1;
+
+ switch(idx) {
+ case 0:
+ case 6:
+ id = EVP_PKEY_RSA;
+ pkey = load_example_rsa_key();
+ break;
+ case 1:
+ case 7:
+# ifndef OPENSSL_NO_DSA
+ id = EVP_PKEY_DSA;
+ pkey = load_example_dsa_key();
+ break;
+# else
+ return 1;
+# endif
+ case 2:
+ case 8:
+# ifndef OPENSSL_NO_EC
+ id = EVP_PKEY_EC;
+ pkey = load_example_ec_key();
+ break;
+# else
+ return 1;
+# endif
+ case 3:
+ case 9:
+# ifndef OPENSSL_NO_EC
+ id = EVP_PKEY_ED25519;
+ md = NULL;
+ pkey = load_example_ed25519_key();
+ break;
+# else
+ return 1;
+# endif
+ case 4:
+ case 10:
+# ifndef OPENSSL_NO_DH
+ id = EVP_PKEY_DH;
+ doderive = 1;
+ pkey = load_example_dh_key();
+ break;
+# else
+ return 1;
+# endif
+ case 5:
+ case 11:
+# ifndef OPENSSL_NO_EC
+ id = EVP_PKEY_X25519;
+ doderive = 1;
+ pkey = load_example_x25519_key();
+ break;
+# else
+ return 1;
+# endif
+ default:
+ TEST_error("Should not happen");
+ goto err;
+ }
+
+ if (!TEST_ptr(pkey))
+ goto err;
+
+ if (idx < 6) {
+ if (!TEST_true(evp_pkey_is_provided(pkey)))
+ goto err;
+ } else {
+ EVP_PKEY *tmp = pkey;
+
+ /* Convert to a legacy key */
+ pkey = EVP_PKEY_new();
+ if (!TEST_ptr(pkey)) {
+ pkey = tmp;
+ goto err;
+ }
+ if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
+ EVP_PKEY_free(tmp);
+ goto err;
+ }
+ EVP_PKEY_free(tmp);
+ if (!TEST_true(evp_pkey_is_legacy(pkey)))
+ goto err;
+ }
+
+ if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
+ || !TEST_ptr(pkey))
+ goto err;
+
+ EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
+ if (!TEST_int_eq(orig_id, id)
+ || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
+ goto err;
+
+ if (id == EVP_PKEY_ED25519) {
+ EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
+ } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
+ EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
+ } else {
+ EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
+ }
+ if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
+ EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
+ EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
+ EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
+ }
+ EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
+ if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
+ goto err;
+
+ if (doderive) {
+ pctx = EVP_PKEY_CTX_new(pkey, NULL);
+ if (!TEST_ptr(pctx)
+ || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
+ || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
+ EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
+ 1)
+ || !TEST_int_eq(ctrl_called, 1)
+ || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
+ || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
+ || !TEST_ptr(res = OPENSSL_malloc(reslen))
+ || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
+ goto err;
+ } else {
+ ctx = EVP_MD_CTX_new();
+ reslen = EVP_PKEY_size(pkey);
+ res = OPENSSL_malloc(reslen);
+ if (!TEST_ptr(ctx)
+ || !TEST_ptr(res)
+ || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
+ || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
+ EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
+ 1)
+ || !TEST_int_eq(ctrl_called, 1))
+ goto err;
+
+ if (id == EVP_PKEY_ED25519) {
+ if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
+ goto err;
+ } else {
+ if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
+ || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
+ goto err;
+ }
+ }
+
+ testresult = 1;
+ err:
+ OPENSSL_free(res);
+ EVP_MD_CTX_free(ctx);
+ if (doderive)
+ EVP_PKEY_CTX_free(pctx);
+ EVP_PKEY_free(pkey);
+ EVP_PKEY_meth_remove(custom_pmeth);
+ EVP_PKEY_meth_free(custom_pmeth);
+ custom_pmeth = NULL;
+ return testresult;
+}
+#endif
typedef enum OPTION_choice {
OPT_ERR = -1,
@@ -3488,6 +3812,10 @@ int setup_tests(void)
ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+ ADD_ALL_TESTS(test_custom_pmeth, 12);
+#endif
+
return 1;
}
More information about the openssl-commits
mailing list