2019-06-27 10:48:17 +01:00
|
|
|
/*
|
|
|
|
|
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
|
*
|
|
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
|
* https://www.openssl.org/source/license.html
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <openssl/crypto.h>
|
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
|
#include <openssl/err.h>
|
|
|
|
|
#include "internal/refcount.h"
|
2019-09-28 00:45:33 +02:00
|
|
|
#include "crypto/evp.h"
|
2019-06-27 10:48:17 +01:00
|
|
|
#include "internal/provider.h"
|
2019-08-09 21:38:42 +10:00
|
|
|
#include "internal/numbers.h" /* includes SIZE_MAX */
|
2019-09-28 00:45:40 +02:00
|
|
|
#include "evp_local.h"
|
2019-06-27 10:48:17 +01:00
|
|
|
|
|
|
|
|
static EVP_KEYEXCH *evp_keyexch_new(OSSL_PROVIDER *prov)
|
|
|
|
|
{
|
|
|
|
|
EVP_KEYEXCH *exchange = OPENSSL_zalloc(sizeof(EVP_KEYEXCH));
|
|
|
|
|
|
2019-11-26 17:14:08 +00:00
|
|
|
if (exchange == NULL) {
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-27 10:48:17 +01:00
|
|
|
exchange->lock = CRYPTO_THREAD_lock_new();
|
|
|
|
|
if (exchange->lock == NULL) {
|
2019-11-26 17:14:08 +00:00
|
|
|
ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
|
2019-06-27 10:48:17 +01:00
|
|
|
OPENSSL_free(exchange);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
exchange->prov = prov;
|
|
|
|
|
ossl_provider_up_ref(prov);
|
|
|
|
|
exchange->refcnt = 1;
|
|
|
|
|
|
|
|
|
|
return exchange;
|
|
|
|
|
}
|
|
|
|
|
|
In provider implemented methods, save the name number, not the name string
Multiple names per implementation is already supported in the namemap,
but hasn't been used yet. However, as soon as we have multiple names,
we will get an issue with what name should be saved in the method.
The solution is to not save the name itself, but rather the number
it's associated with. This number is supposed to be unique for each
set of names, and we assume that algorithm names are globally unique,
i.e. there can be no name overlap between different algorithm types.
Incidently, it was also found that the 'get' function used by
ossl_construct_method() doesn't need all the parameters it was given;
most of what it needs, it can now get through the data structure given
by the caller of ossl_construct_method(). As a consequence,
ossl_construct_method() itself doesn't need all the parameters it was
given either.
There are some added internal functions that are expected to disappear
as soon as legacy code is removed, such as evp_first_name() and
ossl_namemap_num2name().
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9897)
2019-09-14 16:22:19 +02:00
|
|
|
static void *evp_keyexch_from_dispatch(int name_id,
|
2019-07-10 22:22:16 +02:00
|
|
|
const OSSL_DISPATCH *fns,
|
2019-10-31 12:10:01 +01:00
|
|
|
OSSL_PROVIDER *prov)
|
2019-06-27 10:48:17 +01:00
|
|
|
{
|
|
|
|
|
EVP_KEYEXCH *exchange = NULL;
|
2019-12-15 00:20:53 +02:00
|
|
|
int fncnt = 0, sparamfncnt = 0, gparamfncnt = 0;
|
2019-06-27 10:48:17 +01:00
|
|
|
|
In provider implemented methods, save the name number, not the name string
Multiple names per implementation is already supported in the namemap,
but hasn't been used yet. However, as soon as we have multiple names,
we will get an issue with what name should be saved in the method.
The solution is to not save the name itself, but rather the number
it's associated with. This number is supposed to be unique for each
set of names, and we assume that algorithm names are globally unique,
i.e. there can be no name overlap between different algorithm types.
Incidently, it was also found that the 'get' function used by
ossl_construct_method() doesn't need all the parameters it was given;
most of what it needs, it can now get through the data structure given
by the caller of ossl_construct_method(). As a consequence,
ossl_construct_method() itself doesn't need all the parameters it was
given either.
There are some added internal functions that are expected to disappear
as soon as legacy code is removed, such as evp_first_name() and
ossl_namemap_num2name().
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9897)
2019-09-14 16:22:19 +02:00
|
|
|
if ((exchange = evp_keyexch_new(prov)) == NULL) {
|
2019-08-23 14:03:28 +02:00
|
|
|
ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
|
|
|
|
|
goto err;
|
2019-07-10 22:22:16 +02:00
|
|
|
}
|
2019-06-27 10:48:17 +01:00
|
|
|
|
In provider implemented methods, save the name number, not the name string
Multiple names per implementation is already supported in the namemap,
but hasn't been used yet. However, as soon as we have multiple names,
we will get an issue with what name should be saved in the method.
The solution is to not save the name itself, but rather the number
it's associated with. This number is supposed to be unique for each
set of names, and we assume that algorithm names are globally unique,
i.e. there can be no name overlap between different algorithm types.
Incidently, it was also found that the 'get' function used by
ossl_construct_method() doesn't need all the parameters it was given;
most of what it needs, it can now get through the data structure given
by the caller of ossl_construct_method(). As a consequence,
ossl_construct_method() itself doesn't need all the parameters it was
given either.
There are some added internal functions that are expected to disappear
as soon as legacy code is removed, such as evp_first_name() and
ossl_namemap_num2name().
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9897)
2019-09-14 16:22:19 +02:00
|
|
|
exchange->name_id = name_id;
|
2019-08-23 14:03:28 +02:00
|
|
|
|
2019-06-27 10:48:17 +01:00
|
|
|
for (; fns->function_id != 0; fns++) {
|
|
|
|
|
switch (fns->function_id) {
|
|
|
|
|
case OSSL_FUNC_KEYEXCH_NEWCTX:
|
|
|
|
|
if (exchange->newctx != NULL)
|
|
|
|
|
break;
|
|
|
|
|
exchange->newctx = OSSL_get_OP_keyexch_newctx(fns);
|
|
|
|
|
fncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_KEYEXCH_INIT:
|
|
|
|
|
if (exchange->init != NULL)
|
|
|
|
|
break;
|
|
|
|
|
exchange->init = OSSL_get_OP_keyexch_init(fns);
|
|
|
|
|
fncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_KEYEXCH_SET_PEER:
|
|
|
|
|
if (exchange->set_peer != NULL)
|
|
|
|
|
break;
|
|
|
|
|
exchange->set_peer = OSSL_get_OP_keyexch_set_peer(fns);
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_KEYEXCH_DERIVE:
|
|
|
|
|
if (exchange->derive != NULL)
|
|
|
|
|
break;
|
|
|
|
|
exchange->derive = OSSL_get_OP_keyexch_derive(fns);
|
|
|
|
|
fncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_KEYEXCH_FREECTX:
|
|
|
|
|
if (exchange->freectx != NULL)
|
|
|
|
|
break;
|
|
|
|
|
exchange->freectx = OSSL_get_OP_keyexch_freectx(fns);
|
|
|
|
|
fncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_KEYEXCH_DUPCTX:
|
|
|
|
|
if (exchange->dupctx != NULL)
|
|
|
|
|
break;
|
|
|
|
|
exchange->dupctx = OSSL_get_OP_keyexch_dupctx(fns);
|
|
|
|
|
break;
|
2019-12-15 00:20:53 +02:00
|
|
|
case OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS:
|
|
|
|
|
if (exchange->get_ctx_params != NULL)
|
|
|
|
|
break;
|
|
|
|
|
exchange->get_ctx_params = OSSL_get_OP_keyexch_get_ctx_params(fns);
|
|
|
|
|
gparamfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS:
|
|
|
|
|
if (exchange->gettable_ctx_params != NULL)
|
|
|
|
|
break;
|
|
|
|
|
exchange->gettable_ctx_params
|
|
|
|
|
= OSSL_get_OP_keyexch_gettable_ctx_params(fns);
|
|
|
|
|
gparamfncnt++;
|
|
|
|
|
break;
|
2019-09-04 12:46:02 +01:00
|
|
|
case OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS:
|
|
|
|
|
if (exchange->set_ctx_params != NULL)
|
2019-06-27 16:37:44 +01:00
|
|
|
break;
|
2019-09-04 12:46:02 +01:00
|
|
|
exchange->set_ctx_params = OSSL_get_OP_keyexch_set_ctx_params(fns);
|
2019-12-15 00:20:53 +02:00
|
|
|
sparamfncnt++;
|
2019-09-04 12:46:02 +01:00
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS:
|
|
|
|
|
if (exchange->settable_ctx_params != NULL)
|
|
|
|
|
break;
|
|
|
|
|
exchange->settable_ctx_params
|
|
|
|
|
= OSSL_get_OP_keyexch_settable_ctx_params(fns);
|
2019-12-15 00:20:53 +02:00
|
|
|
sparamfncnt++;
|
2019-06-27 16:37:44 +01:00
|
|
|
break;
|
2019-06-27 10:48:17 +01:00
|
|
|
}
|
|
|
|
|
}
|
2019-12-15 00:20:53 +02:00
|
|
|
if (fncnt != 4
|
|
|
|
|
|| (gparamfncnt != 0 && gparamfncnt != 2)
|
|
|
|
|
|| (sparamfncnt != 0 && sparamfncnt != 2)) {
|
2019-06-27 10:48:17 +01:00
|
|
|
/*
|
|
|
|
|
* In order to be a consistent set of functions we must have at least
|
|
|
|
|
* a complete set of "exchange" functions: init, derive, newctx,
|
2019-09-04 12:46:02 +01:00
|
|
|
* and freectx. The set_ctx_params and settable_ctx_params functions are
|
|
|
|
|
* optional, but if one of them is present then the other one must also
|
2019-12-15 00:20:53 +02:00
|
|
|
* be present. Same goes for get_ctx_params and gettable_ctx_params.
|
|
|
|
|
* The dupctx and set_peer functions are optional.
|
2019-06-27 10:48:17 +01:00
|
|
|
*/
|
|
|
|
|
EVPerr(EVP_F_EVP_KEYEXCH_FROM_DISPATCH,
|
|
|
|
|
EVP_R_INVALID_PROVIDER_FUNCTIONS);
|
2019-08-23 14:03:28 +02:00
|
|
|
goto err;
|
2019-06-27 10:48:17 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return exchange;
|
2019-08-23 14:03:28 +02:00
|
|
|
|
|
|
|
|
err:
|
|
|
|
|
EVP_KEYEXCH_free(exchange);
|
|
|
|
|
return NULL;
|
2019-06-27 10:48:17 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange)
|
|
|
|
|
{
|
|
|
|
|
if (exchange != NULL) {
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
CRYPTO_DOWN_REF(&exchange->refcnt, &i, exchange->lock);
|
|
|
|
|
if (i > 0)
|
|
|
|
|
return;
|
|
|
|
|
ossl_provider_free(exchange->prov);
|
|
|
|
|
CRYPTO_THREAD_lock_free(exchange->lock);
|
|
|
|
|
OPENSSL_free(exchange);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange)
|
|
|
|
|
{
|
|
|
|
|
int ref = 0;
|
|
|
|
|
|
|
|
|
|
CRYPTO_UP_REF(&exchange->refcnt, &ref, exchange->lock);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-07 10:56:46 +02:00
|
|
|
OSSL_PROVIDER *EVP_KEYEXCH_provider(const EVP_KEYEXCH *exchange)
|
|
|
|
|
{
|
|
|
|
|
return exchange->prov;
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-27 10:48:17 +01:00
|
|
|
EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm,
|
|
|
|
|
const char *properties)
|
|
|
|
|
{
|
2019-10-31 12:10:01 +01:00
|
|
|
return evp_generic_fetch(ctx, OSSL_OP_KEYEXCH, algorithm, properties,
|
|
|
|
|
evp_keyexch_from_dispatch,
|
|
|
|
|
(int (*)(void *))EVP_KEYEXCH_up_ref,
|
|
|
|
|
(void (*)(void *))EVP_KEYEXCH_free);
|
2019-06-27 10:48:17 +01:00
|
|
|
}
|
|
|
|
|
|
2019-10-30 18:03:07 +01:00
|
|
|
int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
|
2019-06-27 10:48:17 +01:00
|
|
|
{
|
|
|
|
|
int ret;
|
2019-07-07 10:56:46 +02:00
|
|
|
void *provkey = NULL;
|
2019-10-30 18:03:07 +01:00
|
|
|
EVP_KEYEXCH *exchange = NULL;
|
2020-01-14 14:11:47 +01:00
|
|
|
EVP_KEYMGMT *tmp_keymgmt = NULL;
|
|
|
|
|
const char *supported_exch = NULL;
|
2019-10-30 18:03:07 +01:00
|
|
|
|
|
|
|
|
if (ctx == NULL) {
|
|
|
|
|
EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
|
|
|
|
return -2;
|
|
|
|
|
}
|
2019-06-27 10:48:17 +01:00
|
|
|
|
2019-09-04 23:13:25 +01:00
|
|
|
evp_pkey_ctx_free_old_ops(ctx);
|
2019-06-27 10:48:17 +01:00
|
|
|
ctx->operation = EVP_PKEY_OP_DERIVE;
|
|
|
|
|
|
2020-01-10 17:50:03 +01:00
|
|
|
/*
|
|
|
|
|
* TODO when we stop falling back to legacy, this and the ERR_pop_to_mark()
|
|
|
|
|
* calls can be removed.
|
|
|
|
|
*/
|
|
|
|
|
ERR_set_mark();
|
|
|
|
|
|
2019-12-18 13:24:27 +01:00
|
|
|
if (ctx->engine != NULL || ctx->keytype == NULL)
|
2019-06-27 10:48:17 +01:00
|
|
|
goto legacy;
|
|
|
|
|
|
2020-01-14 14:11:47 +01:00
|
|
|
/* Ensure that the key is provided. If not, go legacy */
|
|
|
|
|
tmp_keymgmt = ctx->keymgmt;
|
|
|
|
|
provkey = evp_pkey_make_provided(ctx->pkey, ctx->libctx,
|
Redesign the KEYMGMT libcrypto <-> provider interface - the basics
The KEYMGMT libcrypto <-> provider interface currently makes a few
assumptions:
1. provider side domain parameters and key data isn't mutable. In
other words, as soon as a key has been created in any (loaded,
imported data, ...), it's set in stone.
2. provider side domain parameters can be strictly separated from the
key data.
This does work for the most part, but there are places where that's a
bit too rigid for the functionality that the EVP_PKEY API delivers.
Key data needs to be mutable to allow the flexibility that functions
like EVP_PKEY_copy_parameters promise, as well as to provide the
combinations of data that an EVP_PKEY is generally assumed to be able
to hold:
- domain parameters only
- public key only
- public key + private key
- domain parameters + public key
- domain parameters + public key + private key
To remedy all this, we:
1. let go of the distinction between domain parameters and key
material proper in the libcrypto <-> provider interface.
As a consequence, functions that still need it gain a selection
argument, which is a set of bits that indicate what parts of the
key object are to be considered in a specific call. This allows
a reduction of very similar functions into one.
2. Rework the libcrypto <-> provider interface so provider side key
objects are created and destructed with a separate function, and
get their data filled and extracted in through import and export.
(future work will see other key object constructors and other
functions to fill them with data)
Fixes #10979
squash! Redesign the KEYMGMT libcrypto <-> provider interface - the basics
Remedy 1 needs a rewrite:
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11006)
2020-02-02 18:56:07 +01:00
|
|
|
&tmp_keymgmt, ctx->propquery);
|
2020-01-14 14:11:47 +01:00
|
|
|
if (provkey == NULL)
|
|
|
|
|
goto legacy;
|
|
|
|
|
if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) {
|
2020-01-10 17:50:03 +01:00
|
|
|
ERR_clear_last_mark();
|
2020-01-14 14:11:47 +01:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
|
|
|
|
goto err;
|
2019-10-30 18:03:07 +01:00
|
|
|
}
|
2020-01-14 14:11:47 +01:00
|
|
|
EVP_KEYMGMT_free(ctx->keymgmt);
|
|
|
|
|
ctx->keymgmt = tmp_keymgmt;
|
|
|
|
|
|
|
|
|
|
if (ctx->keymgmt->query_operation_name != NULL)
|
|
|
|
|
supported_exch = ctx->keymgmt->query_operation_name(OSSL_OP_KEYEXCH);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If we didn't get a supported exch, assume there is one with the
|
|
|
|
|
* same name as the key type.
|
|
|
|
|
*/
|
|
|
|
|
if (supported_exch == NULL)
|
|
|
|
|
supported_exch = ctx->keytype;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Because we cleared out old ops, we shouldn't need to worry about
|
|
|
|
|
* checking if exchange is already there.
|
|
|
|
|
*/
|
|
|
|
|
exchange = EVP_KEYEXCH_fetch(ctx->libctx, supported_exch, ctx->propquery);
|
|
|
|
|
|
|
|
|
|
if (exchange == NULL
|
2019-10-30 18:03:07 +01:00
|
|
|
|| (EVP_KEYMGMT_provider(ctx->keymgmt)
|
|
|
|
|
!= EVP_KEYEXCH_provider(exchange))) {
|
2019-06-27 10:48:17 +01:00
|
|
|
/*
|
2020-01-10 17:50:03 +01:00
|
|
|
* We don't need to free ctx->keymgmt here, as it's not necessarily
|
|
|
|
|
* tied to this operation. It will be freed by EVP_PKEY_CTX_free().
|
2019-06-27 10:48:17 +01:00
|
|
|
*/
|
2019-10-30 18:03:07 +01:00
|
|
|
EVP_KEYEXCH_free(exchange);
|
|
|
|
|
goto legacy;
|
2019-06-27 10:48:17 +01:00
|
|
|
}
|
|
|
|
|
|
2020-01-10 17:50:03 +01:00
|
|
|
/*
|
|
|
|
|
* TODO remove this when legacy is gone
|
|
|
|
|
* If we don't have the full support we need with provided methods,
|
|
|
|
|
* let's go see if legacy does.
|
|
|
|
|
*/
|
|
|
|
|
ERR_pop_to_mark();
|
|
|
|
|
|
|
|
|
|
/* No more legacy from here down to legacy: */
|
2019-10-30 18:03:07 +01:00
|
|
|
|
2019-09-04 23:13:25 +01:00
|
|
|
ctx->op.kex.exchange = exchange;
|
|
|
|
|
ctx->op.kex.exchprovctx = exchange->newctx(ossl_provider_ctx(exchange->prov));
|
|
|
|
|
if (ctx->op.kex.exchprovctx == NULL) {
|
2019-07-07 10:56:46 +02:00
|
|
|
/* The provider key can stay in the cache */
|
2019-10-30 18:03:07 +01:00
|
|
|
EVPerr(0, EVP_R_INITIALIZATION_ERROR);
|
2019-06-27 10:48:17 +01:00
|
|
|
goto err;
|
|
|
|
|
}
|
2019-09-04 23:13:25 +01:00
|
|
|
ret = exchange->init(ctx->op.kex.exchprovctx, provkey);
|
2019-06-27 10:48:17 +01:00
|
|
|
|
|
|
|
|
return ret ? 1 : 0;
|
|
|
|
|
err:
|
|
|
|
|
ctx->operation = EVP_PKEY_OP_UNDEFINED;
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
legacy:
|
2020-01-10 17:50:03 +01:00
|
|
|
/*
|
|
|
|
|
* TODO remove this when legacy is gone
|
|
|
|
|
* If we don't have the full support we need with provided methods,
|
|
|
|
|
* let's go see if legacy does.
|
|
|
|
|
*/
|
|
|
|
|
ERR_pop_to_mark();
|
|
|
|
|
|
2020-01-23 20:33:28 +10:00
|
|
|
#ifdef FIPS_MODE
|
|
|
|
|
return 0;
|
|
|
|
|
#else
|
2020-01-07 11:49:08 +01:00
|
|
|
if (ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
|
2019-10-30 18:03:07 +01:00
|
|
|
EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
2019-06-27 10:48:17 +01:00
|
|
|
return -2;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ctx->pmeth->derive_init == NULL)
|
|
|
|
|
return 1;
|
|
|
|
|
ret = ctx->pmeth->derive_init(ctx);
|
|
|
|
|
if (ret <= 0)
|
|
|
|
|
ctx->operation = EVP_PKEY_OP_UNDEFINED;
|
|
|
|
|
return ret;
|
2020-01-23 20:33:28 +10:00
|
|
|
#endif
|
2019-06-27 10:48:17 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
|
|
|
|
|
{
|
2020-01-23 20:33:28 +10:00
|
|
|
int ret = 0;
|
2019-07-07 10:56:46 +02:00
|
|
|
void *provkey = NULL;
|
2019-06-27 10:48:17 +01:00
|
|
|
|
|
|
|
|
if (ctx == NULL) {
|
|
|
|
|
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
|
|
|
|
|
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
|
|
|
|
return -2;
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-04 23:13:25 +01:00
|
|
|
if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx) || ctx->op.kex.exchprovctx == NULL)
|
2019-06-27 10:48:17 +01:00
|
|
|
goto legacy;
|
|
|
|
|
|
2019-09-04 23:13:25 +01:00
|
|
|
if (ctx->op.kex.exchange->set_peer == NULL) {
|
2019-06-27 10:48:17 +01:00
|
|
|
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
|
|
|
|
|
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
|
|
|
|
return -2;
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-12 14:28:50 +01:00
|
|
|
provkey = evp_pkey_make_provided(peer, ctx->libctx, &ctx->keymgmt,
|
|
|
|
|
ctx->propquery);
|
|
|
|
|
/*
|
|
|
|
|
* If making the key provided wasn't possible, legacy may be able to pick
|
|
|
|
|
* it up
|
|
|
|
|
*/
|
2020-01-07 11:49:08 +01:00
|
|
|
if (provkey == NULL)
|
|
|
|
|
goto legacy;
|
2019-09-04 23:13:25 +01:00
|
|
|
return ctx->op.kex.exchange->set_peer(ctx->op.kex.exchprovctx, provkey);
|
2019-06-27 10:48:17 +01:00
|
|
|
|
|
|
|
|
legacy:
|
2020-01-23 20:33:28 +10:00
|
|
|
#ifdef FIPS_MODE
|
|
|
|
|
return ret;
|
|
|
|
|
#else
|
2020-02-12 14:28:50 +01:00
|
|
|
/*
|
|
|
|
|
* TODO(3.0) investigate the case where the operation is deemed legacy,
|
|
|
|
|
* but the given peer key is provider only.
|
|
|
|
|
*/
|
2019-06-27 10:48:17 +01:00
|
|
|
if (ctx->pmeth == NULL
|
|
|
|
|
|| !(ctx->pmeth->derive != NULL
|
|
|
|
|
|| ctx->pmeth->encrypt != NULL
|
|
|
|
|
|| ctx->pmeth->decrypt != NULL)
|
|
|
|
|
|| ctx->pmeth->ctrl == NULL) {
|
|
|
|
|
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
|
|
|
|
|
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
|
|
|
|
return -2;
|
|
|
|
|
}
|
|
|
|
|
if (ctx->operation != EVP_PKEY_OP_DERIVE
|
|
|
|
|
&& ctx->operation != EVP_PKEY_OP_ENCRYPT
|
|
|
|
|
&& ctx->operation != EVP_PKEY_OP_DECRYPT) {
|
|
|
|
|
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
|
|
|
|
|
EVP_R_OPERATON_NOT_INITIALIZED);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);
|
|
|
|
|
|
|
|
|
|
if (ret <= 0)
|
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
|
|
if (ret == 2)
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
if (ctx->pkey == NULL) {
|
|
|
|
|
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ctx->pkey->type != peer->type) {
|
|
|
|
|
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_KEY_TYPES);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* For clarity. The error is if parameters in peer are
|
|
|
|
|
* present (!missing) but don't match. EVP_PKEY_cmp_parameters may return
|
|
|
|
|
* 1 (match), 0 (don't match) and -2 (comparison is not defined). -1
|
|
|
|
|
* (different key types) is impossible here because it is checked earlier.
|
|
|
|
|
* -2 is OK for us here, as well as 1, so we can check for 0 only.
|
|
|
|
|
*/
|
|
|
|
|
if (!EVP_PKEY_missing_parameters(peer) &&
|
|
|
|
|
!EVP_PKEY_cmp_parameters(ctx->pkey, peer)) {
|
|
|
|
|
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
EVP_PKEY_free(ctx->peerkey);
|
|
|
|
|
ctx->peerkey = peer;
|
|
|
|
|
|
|
|
|
|
ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
|
|
|
|
|
|
|
|
|
|
if (ret <= 0) {
|
|
|
|
|
ctx->peerkey = NULL;
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
EVP_PKEY_up_ref(peer);
|
|
|
|
|
return 1;
|
2020-01-23 20:33:28 +10:00
|
|
|
#endif
|
2019-06-27 10:48:17 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
|
|
|
|
|
{
|
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
if (ctx == NULL) {
|
|
|
|
|
EVPerr(EVP_F_EVP_PKEY_DERIVE,
|
|
|
|
|
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
|
|
|
|
return -2;
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-04 23:13:25 +01:00
|
|
|
if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
|
2019-06-27 10:48:17 +01:00
|
|
|
EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-04 23:13:25 +01:00
|
|
|
if (ctx->op.kex.exchprovctx == NULL)
|
2019-06-27 10:48:17 +01:00
|
|
|
goto legacy;
|
|
|
|
|
|
2019-09-04 23:13:25 +01:00
|
|
|
ret = ctx->op.kex.exchange->derive(ctx->op.kex.exchprovctx, key, pkeylen,
|
|
|
|
|
SIZE_MAX);
|
2019-06-27 10:48:17 +01:00
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
legacy:
|
|
|
|
|
if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
|
|
|
|
|
EVPerr(EVP_F_EVP_PKEY_DERIVE,
|
|
|
|
|
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
|
|
|
|
return -2;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
|
|
|
|
|
return ctx->pmeth->derive(ctx, key, pkeylen);
|
|
|
|
|
}
|
EVP: add missing common functionality
This adds the missing functions that should be common for all
fetchable EVP sub-APIs:
EVP_KEYMGMT_is_a(), EVP_KEYMGMT_do_all_provided(), EVP_KEYEXCH_is_a(),
EVP_KEYEXCH_do_all_provided(), EVP_KDF_is_a(), EVP_MD_is_a(),
EVP_SIGNATURE_do_all_provided(), EVP_SIGNATURE_is_a().
This also renames EVP_MD_do_all_ex(), EVP_CIPHER_do_all_ex(),
EVP_KDF_do_all_ex(), EVP_MAC_do_all_ex() to change '_ex'
to '_provided'.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9979)
2019-09-23 10:33:26 +02:00
|
|
|
|
2019-09-23 11:16:21 +02:00
|
|
|
int EVP_KEYEXCH_number(const EVP_KEYEXCH *keyexch)
|
|
|
|
|
{
|
|
|
|
|
return keyexch->name_id;
|
|
|
|
|
}
|
|
|
|
|
|
EVP: add missing common functionality
This adds the missing functions that should be common for all
fetchable EVP sub-APIs:
EVP_KEYMGMT_is_a(), EVP_KEYMGMT_do_all_provided(), EVP_KEYEXCH_is_a(),
EVP_KEYEXCH_do_all_provided(), EVP_KDF_is_a(), EVP_MD_is_a(),
EVP_SIGNATURE_do_all_provided(), EVP_SIGNATURE_is_a().
This also renames EVP_MD_do_all_ex(), EVP_CIPHER_do_all_ex(),
EVP_KDF_do_all_ex(), EVP_MAC_do_all_ex() to change '_ex'
to '_provided'.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9979)
2019-09-23 10:33:26 +02:00
|
|
|
int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *keyexch, const char *name)
|
|
|
|
|
{
|
2020-01-15 01:04:37 +01:00
|
|
|
return evp_is_a(keyexch->prov, keyexch->name_id, NULL, name);
|
EVP: add missing common functionality
This adds the missing functions that should be common for all
fetchable EVP sub-APIs:
EVP_KEYMGMT_is_a(), EVP_KEYMGMT_do_all_provided(), EVP_KEYEXCH_is_a(),
EVP_KEYEXCH_do_all_provided(), EVP_KDF_is_a(), EVP_MD_is_a(),
EVP_SIGNATURE_do_all_provided(), EVP_SIGNATURE_is_a().
This also renames EVP_MD_do_all_ex(), EVP_CIPHER_do_all_ex(),
EVP_KDF_do_all_ex(), EVP_MAC_do_all_ex() to change '_ex'
to '_provided'.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9979)
2019-09-23 10:33:26 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void EVP_KEYEXCH_do_all_provided(OPENSSL_CTX *libctx,
|
|
|
|
|
void (*fn)(EVP_KEYEXCH *keyexch, void *arg),
|
|
|
|
|
void *arg)
|
|
|
|
|
{
|
|
|
|
|
evp_generic_do_all(libctx, OSSL_OP_KEYEXCH,
|
|
|
|
|
(void (*)(void *, void *))fn, arg,
|
2019-10-31 12:10:01 +01:00
|
|
|
evp_keyexch_from_dispatch,
|
EVP: add missing common functionality
This adds the missing functions that should be common for all
fetchable EVP sub-APIs:
EVP_KEYMGMT_is_a(), EVP_KEYMGMT_do_all_provided(), EVP_KEYEXCH_is_a(),
EVP_KEYEXCH_do_all_provided(), EVP_KDF_is_a(), EVP_MD_is_a(),
EVP_SIGNATURE_do_all_provided(), EVP_SIGNATURE_is_a().
This also renames EVP_MD_do_all_ex(), EVP_CIPHER_do_all_ex(),
EVP_KDF_do_all_ex(), EVP_MAC_do_all_ex() to change '_ex'
to '_provided'.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9979)
2019-09-23 10:33:26 +02:00
|
|
|
(void (*)(void *))EVP_KEYEXCH_free);
|
|
|
|
|
}
|
2019-09-23 10:56:13 +02:00
|
|
|
|
|
|
|
|
void EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *keyexch,
|
|
|
|
|
void (*fn)(const char *name, void *data),
|
|
|
|
|
void *data)
|
|
|
|
|
{
|
|
|
|
|
if (keyexch->prov != NULL)
|
|
|
|
|
evp_names_do_all(keyexch->prov, keyexch->name_id, fn, data);
|
|
|
|
|
}
|
