The branch master has been updated
via c748c1147623beaf8ea3a33d5c4b1535f74baa16 (commit)
via 7d04be79dbd4cf47d2b079057f272b34c2256e8f (commit)
via 2ff9e7432d32c454ccc6c6b67442662baa335557 (commit)
via 23a9808c4c617ea48cdb7d0b0d9fdbcd107411ed (commit)
via 4e8cb45c095aaf9317bc62b7787af66217663a48 (commit)
via cd8e4decf79985ffe586c4ccdd35e897f3ac703a (commit)
via 99119000add47e4d1d9241f4e76f57d98439a766 (commit)
from e9b1c42f753fcb90eee70a12b0ac832951d7ac0b (commit)
- Log -----------------------------------------------------------------
commit c748c1147623beaf8ea3a33d5c4b1535f74baa16
Author: Dr. Stephen Henson <[email protected]>
Date: Tue Mar 1 22:15:02 2016 +0000
make update
Reviewed-by: Rich Salz <[email protected]>
commit 7d04be79dbd4cf47d2b079057f272b34c2256e8f
Author: Dr. Stephen Henson <[email protected]>
Date: Tue Mar 1 18:04:42 2016 +0000
Generalise KDF test in evp_test.c
Reviewed-by: Rich Salz <[email protected]>
commit 2ff9e7432d32c454ccc6c6b67442662baa335557
Author: Dr. Stephen Henson <[email protected]>
Date: Tue Mar 1 16:22:25 2016 +0000
Convert PRF tests to use Ctrl
Reviewed-by: Rich Salz <[email protected]>
commit 23a9808c4c617ea48cdb7d0b0d9fdbcd107411ed
Author: Dr. Stephen Henson <[email protected]>
Date: Tue Mar 1 15:08:18 2016 +0000
Add Ctrl keyword to KDF test in evp_test
Reviewed-by: Rich Salz <[email protected]>
commit 4e8cb45c095aaf9317bc62b7787af66217663a48
Author: Dr. Stephen Henson <[email protected]>
Date: Tue Mar 1 14:58:33 2016 +0000
Add string ctrl operations to TLS1 PRF, update documentation.
Reviewed-by: Rich Salz <[email protected]>
commit cd8e4decf79985ffe586c4ccdd35e897f3ac703a
Author: Dr. Stephen Henson <[email protected]>
Date: Tue Mar 1 14:56:02 2016 +0000
Use utility functions for HMAC and CMAC.
Reviewed-by: Rich Salz <[email protected]>
commit 99119000add47e4d1d9241f4e76f57d98439a766
Author: Dr. Stephen Henson <[email protected]>
Date: Tue Mar 1 14:47:15 2016 +0000
EVP_PKEY_CTX utility functions.
Utility functions to pass a string or hex string to EVP_PKEY_CTX_ctrl().
Reviewed-by: Rich Salz <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
crypto/cmac/cm_pmeth.c | 19 ++++------------
crypto/evp/pmeth_lib.c | 29 ++++++++++++++++++++++++
crypto/hmac/hm_pmeth.c | 19 ++++------------
crypto/kdf/tls1_prf.c | 27 +++++++++++++++++++++-
doc/crypto/EVP_PKEY_TLS1_PRF.pod | 11 ++++++++-
include/openssl/evp.h | 3 +++
test/evp_test.c | 33 +++------------------------
test/evptests.txt | 48 ++++++++++++++++++++--------------------
util/libeay.num | 2 ++
9 files changed, 105 insertions(+), 86 deletions(-)
diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c
index 4e060f3..f00a32e 100644
--- a/crypto/cmac/cm_pmeth.c
+++ b/crypto/cmac/cm_pmeth.c
@@ -157,10 +157,6 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_CTX *ctx,
if (!value) {
return 0;
}
- if (strcmp(type, "key") == 0) {
- void *p = (void *)value;
- return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, strlen(p), p);
- }
if (strcmp(type, "cipher") == 0) {
const EVP_CIPHER *c;
c = EVP_get_cipherbyname(value);
@@ -168,17 +164,10 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_CTX *ctx,
return 0;
return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_CIPHER, -1, (void *)c);
}
- if (strcmp(type, "hexkey") == 0) {
- unsigned char *key;
- int r;
- long keylen;
- key = string_to_hex(value, &keylen);
- if (!key)
- return 0;
- r = pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
- OPENSSL_free(key);
- return r;
- }
+ if (strcmp(type, "key") == 0)
+ return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+ if (strcmp(type, "hexkey") == 0)
+ return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
return -2;
}
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 72baaa9..44a6a05 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -63,8 +63,10 @@
# include <openssl/engine.h>
#endif
#include <openssl/evp.h>
+#include <openssl/x509v3.h>
#include "internal/asn1_int.h"
#include "internal/evp_int.h"
+#include "internal/numbers.h"
typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
@@ -381,6 +383,33 @@ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
return ctx->pmeth->ctrl_str(ctx, name, value);
}
+/* Utility functions to send a string of hex string to a ctrl */
+
+int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str)
+{
+ size_t len;
+
+ len = strlen(str);
+ if (len > INT_MAX)
+ return -1;
+ return ctx->pmeth->ctrl(ctx, cmd, len, (void *)str);
+}
+
+int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex)
+{
+ unsigned char *bin;
+ long binlen;
+ int rv = -1;
+
+ bin = string_to_hex(hex, &binlen);
+ if (bin == NULL)
+ return 0;
+ if (binlen <= INT_MAX)
+ rv = ctx->pmeth->ctrl(ctx, cmd, binlen, bin);
+ OPENSSL_free(bin);
+ return rv;
+}
+
int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx)
{
return ctx->operation;
diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c
index 41013bc..268b48d 100644
--- a/crypto/hmac/hm_pmeth.c
+++ b/crypto/hmac/hm_pmeth.c
@@ -206,21 +206,10 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
if (!value) {
return 0;
}
- if (strcmp(type, "key") == 0) {
- void *p = (void *)value;
- return pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p);
- }
- if (strcmp(type, "hexkey") == 0) {
- unsigned char *key;
- int r;
- long keylen;
- key = string_to_hex(value, &keylen);
- if (!key)
- return 0;
- r = pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
- OPENSSL_free(key);
- return r;
- }
+ if (strcmp(type, "key") == 0)
+ return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+ if (strcmp(type, "hexkey") == 0)
+ return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
return -2;
}
diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c
index 374c6e4..1302eb0 100644
--- a/crypto/kdf/tls1_prf.c
+++ b/crypto/kdf/tls1_prf.c
@@ -138,6 +138,31 @@ static int pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type,
int p1, void *p2)
}
}
+static int pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx,
+ const char *type, const char *value)
+{
+ if (value == NULL)
+ return 0;
+ if (strcmp(type, "md") == 0) {
+ TLS1_PRF_PKEY_CTX *kctx = ctx->data;
+
+ const EVP_MD *md = EVP_get_digestbyname(value);
+ if (md == NULL)
+ return 0;
+ kctx->md = md;
+ return 1;
+ }
+ if (strcmp(type, "secret") == 0)
+ return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
+ if (strcmp(type, "hexsecret") == 0)
+ return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
+ if (strcmp(type, "seed") == 0)
+ return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
+ if (strcmp(type, "hexseed") == 0)
+ return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
+ return -2;
+}
+
static int pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen)
{
@@ -176,7 +201,7 @@ const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
0,
pkey_tls1_prf_derive,
pkey_tls1_prf_ctrl,
- 0
+ pkey_tls1_prf_ctrl_str
};
static int tls1_prf_P_hash(const EVP_MD *md,
diff --git a/doc/crypto/EVP_PKEY_TLS1_PRF.pod b/doc/crypto/EVP_PKEY_TLS1_PRF.pod
index 8e9ff5a..e2a695d 100644
--- a/doc/crypto/EVP_PKEY_TLS1_PRF.pod
+++ b/doc/crypto/EVP_PKEY_TLS1_PRF.pod
@@ -33,6 +33,14 @@ and any seed is reset.
EVP_PKEY_CTX_add1_tls1_prf_seed() sets the seed to B<seedlen> bytes of B<seed>.
If a seed is already set it is appended to the existing value.
+=head1 STRING CTRLS
+
+The TLS PRF also supports string based control operations using
+EVP_PKEY_CTX_ctrl_str(). The B<type> parameters "secret" and "seed" use
+the supplied B<value> parameter as a secret or seed value. The names
+"hexsecret" and "hexseed" are similar except they take a hex string which
+is converted to binary.
+
=head1 NOTES
All these functions are implemented as macros.
@@ -82,6 +90,7 @@ and seed value "seed":
=head1 SEE ALSO
L<EVP_PKEY_CTX_new(3)>,
-L<EVP_PKEY_derive(3)>,
+L<EVP_PKEY_CTX_ctrl(3)>,
+L<EVP_PKEY_derive(3)>
=cut
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index d71429e..44ca1f3 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1224,6 +1224,9 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int
optype,
int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
const char *value);
+int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str);
+int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex);
+
int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx);
void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
diff --git a/test/evp_test.c b/test/evp_test.c
index 6bc3a8a..bda7f69 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1739,9 +1739,7 @@ static const struct evp_test_method encode_test_method = {
encode_test_run,
};
-/*
- * KDF operations: initially just TLS1 PRF but can be adapted.
- */
+/* KDF operations */
struct kdf_data {
/* Context for this operation */
@@ -1780,39 +1778,14 @@ static void kdf_test_cleanup(struct evp_test *t)
EVP_PKEY_CTX_free(kdata->ctx);
}
-static int kdf_ctrl(EVP_PKEY_CTX *ctx, int op, const char *value)
-{
- unsigned char *buf = NULL;
- size_t buf_len;
- int rv = 0;
- if (test_bin(value, &buf, &buf_len) == 0)
- return 0;
- if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, op, buf_len, buf) <= 0)
- goto err;
- rv = 1;
- err:
- OPENSSL_free(buf);
- return rv;
-}
-
static int kdf_test_parse(struct evp_test *t,
const char *keyword, const char *value)
{
struct kdf_data *kdata = t->data;
if (strcmp(keyword, "Output") == 0)
return test_bin(value, &kdata->output, &kdata->output_len);
- else if (strcmp(keyword, "MD") == 0) {
- const EVP_MD *md = EVP_get_digestbyname(value);
- if (md == NULL)
- return 0;
- if (EVP_PKEY_CTX_set_tls1_prf_md(kdata->ctx, md) <= 0)
- return 0;
- return 1;
- } else if (strcmp(keyword, "Secret") == 0) {
- return kdf_ctrl(kdata->ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
- } else if (strncmp("Seed", keyword, 4) == 0) {
- return kdf_ctrl(kdata->ctx, EVP_PKEY_CTRL_TLS_SEED, value);
- }
+ if (strncmp(keyword, "Ctrl", 4) == 0)
+ return pkey_test_ctrl(kdata->ctx, value);
return 0;
}
diff --git a/test/evptests.txt b/test/evptests.txt
index 4c83163..b041344 100644
--- a/test/evptests.txt
+++ b/test/evptests.txt
@@ -2974,48 +2974,48 @@ Ciphertext =
64a0861575861af460f062c79be643bd5e805cfd345cf389f108670ac76c8cb24c6
# TLS1 PRF tests, from NIST test vectors
KDF=TLS1-PRF
-MD=MD5-SHA1
-Secret =
bded7fa5c1699c010be23dd06ada3a48349f21e5f86263d512c0c5cc379f0e780ec55d9844b2f1db02a96453513568d0
-Seed.label = "master secret"
-Seed.client_random =
e5acaf549cd25c22d964c0d930fa4b5261d2507fad84c33715b7b9a864020693
-Seed.server_random =
135e4d557fdf3aa6406d82975d5c606a9734c9334b42136e96990fbd5358cdb2
+Ctrl.md = md:MD5-SHA1
+Ctrl.Secret =
hexsecret:bded7fa5c1699c010be23dd06ada3a48349f21e5f86263d512c0c5cc379f0e780ec55d9844b2f1db02a96453513568d0
+Ctrl.label = seed:master secret
+Ctrl.client_random =
hexseed:e5acaf549cd25c22d964c0d930fa4b5261d2507fad84c33715b7b9a864020693
+Ctrl.server_random =
hexseed:135e4d557fdf3aa6406d82975d5c606a9734c9334b42136e96990fbd5358cdb2
Output =
2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62
KDF=TLS1-PRF
-MD=MD5-SHA1
-Secret =
2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62
-Seed.label = "key expansion"
-Seed.server_random =
67267e650eb32444119d222a368c191af3082888dc35afe8368e638c828874be
-Seed.client_random =
d58a7b1cd4fedaa232159df652ce188f9d997e061b9bf48e83b62990440931f6
+Ctrl.md = md:MD5-SHA1
+Ctrl.Secret =
hexsecret:2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62
+Ctrl.label = seed:key expansion
+Ctrl.server_random =
hexseed:67267e650eb32444119d222a368c191af3082888dc35afe8368e638c828874be
+Ctrl.client_random =
hexseed:d58a7b1cd4fedaa232159df652ce188f9d997e061b9bf48e83b62990440931f6
Output =
3088825988e77fce68d19f756e18e43eb7fe672433504feaf99b3c503d9091b164f166db301d70c9fc0870b4a94563907bee1a61fb786cb717576890bcc51cb9ead97e01d0a2fea99c953377b195205ff07b369589178796edc963fd80fdbe518a2fc1c35c18ae8d
KDF=TLS1-PRF
-MD=SHA256
-Secret =
f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
-Seed.label = "master secret"
-Seed.client_random =
36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
-Seed.server_random =
f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Ctrl.md = md:SHA256
+Ctrl.Secret =
hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
+Ctrl.label = seed:master secret
+Ctrl.client_random =
hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random =
hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
Output =
202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
KDF=TLS1-PRF
-MD=SHA256
-Secret =
202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
-Seed.label = "key expansion"
-Seed.server_random =
ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868
-Seed.client_random =
62e1fd91f23f558a605f28478c58cf72637b89784d959df7e946d3f07bd1b616
+Ctrl.md = md:SHA256
+Ctrl.Secret =
hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
+Ctrl.label = seed:key expansion
+Ctrl.server_random =
hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868
+Ctrl.client_random =
hexseed:62e1fd91f23f558a605f28478c58cf72637b89784d959df7e946d3f07bd1b616
Output =
d06139889fffac1e3a71865f504aa5d0d2a2e89506c6f2279b670c3e1b74f531016a2530c51a3a0f7e1d6590d0f0566b2f387f8d11fd4f731cdd572d2eae927f6f2f81410b25e6960be68985add6c38445ad9f8c64bf8068bf9a6679485d966f1ad6f68b43495b10a683755ea2b858d70ccac7ec8b053c6bd41ca299d4e51928
# Missing digest.
KDF=TLS1-PRF
-Secret = 01
-Seed = 02
+Ctrl.Secret = hexsecret:01
+Ctrl.Seed = hexseed:02
Output = 03
Result = KDF_DERIVE_ERROR
# Missing secret.
KDF=TLS1-PRF
-MD=MD5-SHA1
-Seed = 02
+Ctrl.md = md:MD5-SHA1
+Ctrl.Seed = hexseed:02
Output = 03
Result = KDF_DERIVE_ERROR
diff --git a/util/libeay.num b/util/libeay.num
index d49fd74..3033574 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -4801,3 +4801,5 @@ CT_POLICY_EVAL_CTX_set0_cert 5304 1_1_0
EXIST::FUNCTION:
CT_POLICY_EVAL_CTX_get0_log_store 5305 1_1_0 EXIST::FUNCTION:
CT_POLICY_EVAL_CTX_free 5306 1_1_0 EXIST::FUNCTION:
CT_verify_no_bad_scts 5307 1_1_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_hex2ctrl 5308 1_1_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_str2ctrl 5309 1_1_0 EXIST::FUNCTION:
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
