summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortb <>2021-03-29 15:57:23 +0000
committertb <>2021-03-29 15:57:23 +0000
commitd9dfab150e9c80a3bafbf4effd23e943ab9ba197 (patch)
treebf7d2d4408b27c2ebee7a4c8281f8986c9add8a9
parent2e8ea05ba51067fc5bc08b0749d727cb74a13b62 (diff)
downloadopenbsd-d9dfab150e9c80a3bafbf4effd23e943ab9ba197.tar.gz
openbsd-d9dfab150e9c80a3bafbf4effd23e943ab9ba197.tar.bz2
openbsd-d9dfab150e9c80a3bafbf4effd23e943ab9ba197.zip
Prepare to provide EVP_PKEY_new_CMAC_key()
sebastia ran into this when attempting to update security/hcxtools. This will be tested via wycheproof.go once the symbol is public. ok jsing, tested by sebastia
Diffstat
-rw-r--r--src/lib/libcrypto/evp/evp.h9
-rw-r--r--src/lib/libcrypto/evp/evp_err.c3
-rw-r--r--src/lib/libcrypto/evp/m_sigver.c41
-rw-r--r--src/lib/libcrypto/evp/p_lib.c51
4 files changed, 84 insertions, 20 deletions
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index f1fe8a1e34..ca51429fa0 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: evp.h,v 1.79 2020/04/27 19:31:02 tb Exp $ */ 1/* $OpenBSD: evp.h,v 1.80 2021/03/29 15:57:23 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1149,6 +1149,10 @@ void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
1149 1149
1150EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, 1150EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key,
1151 int keylen); 1151 int keylen);
1152#if defined(LIBRESSL_INTERNAL)
1153EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
1154 size_t len, const EVP_CIPHER *cipher);
1155#endif
1152 1156
1153void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); 1157void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
1154void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx); 1158void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
@@ -1512,6 +1516,9 @@ void ERR_load_EVP_strings(void);
1512#define EVP_R_INVALID_OPERATION 148 1516#define EVP_R_INVALID_OPERATION 148
1513#define EVP_R_IV_TOO_LARGE 102 1517#define EVP_R_IV_TOO_LARGE 102
1514#define EVP_R_KEYGEN_FAILURE 120 1518#define EVP_R_KEYGEN_FAILURE 120
1519#if defined(LIBRESSL_INTERNAL)
1520#define EVP_R_KEY_SETUP_FAILED 180
1521#endif
1515#define EVP_R_MESSAGE_DIGEST_IS_NULL 159 1522#define EVP_R_MESSAGE_DIGEST_IS_NULL 159
1516#define EVP_R_METHOD_NOT_SUPPORTED 144 1523#define EVP_R_METHOD_NOT_SUPPORTED 144
1517#define EVP_R_MISSING_PARAMETERS 103 1524#define EVP_R_MISSING_PARAMETERS 103
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c
index 2494cf5790..07ece82c3a 100644
--- a/src/lib/libcrypto/evp/evp_err.c
+++ b/src/lib/libcrypto/evp/evp_err.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: evp_err.c,v 1.26 2020/04/27 19:31:02 tb Exp $ */ 1/* $OpenBSD: evp_err.c,v 1.27 2021/03/29 15:57:23 tb Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -116,6 +116,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
116 {ERR_REASON(EVP_R_INVALID_OPERATION) , "invalid operation"}, 116 {ERR_REASON(EVP_R_INVALID_OPERATION) , "invalid operation"},
117 {ERR_REASON(EVP_R_IV_TOO_LARGE) , "iv too large"}, 117 {ERR_REASON(EVP_R_IV_TOO_LARGE) , "iv too large"},
118 {ERR_REASON(EVP_R_KEYGEN_FAILURE) , "keygen failure"}, 118 {ERR_REASON(EVP_R_KEYGEN_FAILURE) , "keygen failure"},
119 {ERR_REASON(EVP_R_KEY_SETUP_FAILED) , "key setup failed"},
119 {ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL), "message digest is null"}, 120 {ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL), "message digest is null"},
120 {ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED) , "method not supported"}, 121 {ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED) , "method not supported"},
121 {ERR_REASON(EVP_R_MISSING_PARAMETERS) , "missing parameters"}, 122 {ERR_REASON(EVP_R_MISSING_PARAMETERS) , "missing parameters"},
diff --git a/src/lib/libcrypto/evp/m_sigver.c b/src/lib/libcrypto/evp/m_sigver.c
index 9e313c3630..f7dcaff418 100644
--- a/src/lib/libcrypto/evp/m_sigver.c
+++ b/src/lib/libcrypto/evp/m_sigver.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: m_sigver.c,v 1.7 2018/05/13 06:35:10 tb Exp $ */ 1/* $OpenBSD: m_sigver.c,v 1.8 2021/03/29 15:57:23 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -74,15 +74,17 @@ do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
74 if (ctx->pctx == NULL) 74 if (ctx->pctx == NULL)
75 return 0; 75 return 0;
76 76
77 if (type == NULL) { 77 if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) {
78 int def_nid; 78 if (type == NULL) {
79 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0) 79 int def_nid;
80 type = EVP_get_digestbynid(def_nid); 80 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
81 } 81 type = EVP_get_digestbynid(def_nid);
82 }
82 83
83 if (type == NULL) { 84 if (type == NULL) {
84 EVPerror(EVP_R_NO_DEFAULT_DIGEST); 85 EVPerror(EVP_R_NO_DEFAULT_DIGEST);
85 return 0; 86 return 0;
87 }
86 } 88 }
87 89
88 if (ver) { 90 if (ver) {
@@ -105,6 +107,8 @@ do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
105 return 0; 107 return 0;
106 if (pctx) 108 if (pctx)
107 *pctx = ctx->pctx; 109 *pctx = ctx->pctx;
110 if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
111 return 1;
108 if (!EVP_DigestInit_ex(ctx, type, e)) 112 if (!EVP_DigestInit_ex(ctx, type, e))
109 return 0; 113 return 0;
110 return 1; 114 return 1;
@@ -127,7 +131,24 @@ EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
127int 131int
128EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) 132EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
129{ 133{
130 int sctx, r = 0; 134 EVP_PKEY_CTX *pctx = ctx->pctx;
135 int sctx;
136 int r = 0;
137
138 if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) {
139 EVP_PKEY_CTX *dctx;
140
141 if (sigret == NULL)
142 return pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
143
144 /* XXX - support EVP_MD_CTX_FLAG_FINALISE? */
145 if ((dctx = EVP_PKEY_CTX_dup(ctx->pctx)) == NULL)
146 return 0;
147 r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
148 EVP_PKEY_CTX_free(dctx);
149
150 return r;
151 }
131 152
132 if (ctx->pctx->pmeth->signctx) 153 if (ctx->pctx->pmeth->signctx)
133 sctx = 1; 154 sctx = 1;
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
index 13a9d65f28..9577b10ea1 100644
--- a/src/lib/libcrypto/evp/p_lib.c
+++ b/src/lib/libcrypto/evp/p_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p_lib.c,v 1.25 2019/03/17 18:17:45 tb Exp $ */ 1/* $OpenBSD: p_lib.c,v 1.26 2021/03/29 15:57:23 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -61,6 +61,7 @@
61#include <openssl/opensslconf.h> 61#include <openssl/opensslconf.h>
62 62
63#include <openssl/bn.h> 63#include <openssl/bn.h>
64#include <openssl/cmac.h>
64#include <openssl/err.h> 65#include <openssl/err.h>
65#include <openssl/evp.h> 66#include <openssl/evp.h>
66#include <openssl/objects.h> 67#include <openssl/objects.h>
@@ -216,10 +217,14 @@ EVP_PKEY_up_ref(EVP_PKEY *pkey)
216 */ 217 */
217 218
218static int 219static int
219pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len) 220pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, int len)
220{ 221{
221 const EVP_PKEY_ASN1_METHOD *ameth; 222 const EVP_PKEY_ASN1_METHOD *ameth;
222 ENGINE *e = NULL; 223 ENGINE **eptr = NULL;
224
225 if (e == NULL)
226 eptr = &e;
227
223 if (pkey) { 228 if (pkey) {
224 if (pkey->pkey.ptr) 229 if (pkey->pkey.ptr)
225 EVP_PKEY_free_it(pkey); 230 EVP_PKEY_free_it(pkey);
@@ -234,11 +239,11 @@ pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
234#endif 239#endif
235 } 240 }
236 if (str) 241 if (str)
237 ameth = EVP_PKEY_asn1_find_str(&e, str, len); 242 ameth = EVP_PKEY_asn1_find_str(eptr, str, len);
238 else 243 else
239 ameth = EVP_PKEY_asn1_find(&e, type); 244 ameth = EVP_PKEY_asn1_find(eptr, type);
240#ifndef OPENSSL_NO_ENGINE 245#ifndef OPENSSL_NO_ENGINE
241 if (pkey == NULL) 246 if (pkey == NULL && eptr != NULL)
242 ENGINE_finish(e); 247 ENGINE_finish(e);
243#endif 248#endif
244 if (!ameth) { 249 if (!ameth) {
@@ -258,13 +263,43 @@ pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
258int 263int
259EVP_PKEY_set_type(EVP_PKEY *pkey, int type) 264EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
260{ 265{
261 return pkey_set_type(pkey, type, NULL, -1); 266 return pkey_set_type(pkey, NULL, type, NULL, -1);
267}
268
269EVP_PKEY *
270EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len,
271 const EVP_CIPHER *cipher)
272{
273 EVP_PKEY *ret = NULL;
274 CMAC_CTX *cmctx = NULL;
275
276 if ((ret = EVP_PKEY_new()) == NULL)
277 goto err;
278 if ((cmctx = CMAC_CTX_new()) == NULL)
279 goto err;
280
281 if (!pkey_set_type(ret, e, EVP_PKEY_CMAC, NULL, -1))
282 goto err;
283
284 if (!CMAC_Init(cmctx, priv, len, cipher, e)) {
285 EVPerror(EVP_R_KEY_SETUP_FAILED);
286 goto err;
287 }
288
289 ret->pkey.ptr = (char *)cmctx;
290
291 return ret;
292
293 err:
294 EVP_PKEY_free(ret);
295 CMAC_CTX_free(cmctx);
296 return NULL;
262} 297}
263 298
264int 299int
265EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len) 300EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
266{ 301{
267 return pkey_set_type(pkey, EVP_PKEY_NONE, str, len); 302 return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len);
268} 303}
269 304
270int 305int
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-31 07:41:55 +0000