提交 d59d853a 编写于 作者: D Dr. Stephen Henson

Add RFC7919 support to EVP

Reviewed-by: NAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4485)
上级 b6eae147
...@@ -29,6 +29,7 @@ typedef struct { ...@@ -29,6 +29,7 @@ typedef struct {
/* message digest used for parameter generation */ /* message digest used for parameter generation */
const EVP_MD *md; const EVP_MD *md;
int rfc5114_param; int rfc5114_param;
int param_nid;
/* Keygen callback info */ /* Keygen callback info */
int gentmp[2]; int gentmp[2];
/* KDF (if any) to use for DH */ /* KDF (if any) to use for DH */
...@@ -87,6 +88,7 @@ static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) ...@@ -87,6 +88,7 @@ static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
dctx->use_dsa = sctx->use_dsa; dctx->use_dsa = sctx->use_dsa;
dctx->md = sctx->md; dctx->md = sctx->md;
dctx->rfc5114_param = sctx->rfc5114_param; dctx->rfc5114_param = sctx->rfc5114_param;
dctx->param_nid = sctx->param_nid;
dctx->kdf_type = sctx->kdf_type; dctx->kdf_type = sctx->kdf_type;
dctx->kdf_oid = OBJ_dup(sctx->kdf_oid); dctx->kdf_oid = OBJ_dup(sctx->kdf_oid);
...@@ -137,11 +139,17 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) ...@@ -137,11 +139,17 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
return 1; return 1;
case EVP_PKEY_CTRL_DH_RFC5114: case EVP_PKEY_CTRL_DH_RFC5114:
if (p1 < 1 || p1 > 3) if (p1 < 1 || p1 > 3 || dctx->param_nid != NID_undef)
return -2; return -2;
dctx->rfc5114_param = p1; dctx->rfc5114_param = p1;
return 1; return 1;
case EVP_PKEY_CTRL_DH_NID:
if (p1 <= 0 || dctx->rfc5114_param != 0)
return -2;
dctx->param_nid = p1;
return 1;
case EVP_PKEY_CTRL_PEER_KEY: case EVP_PKEY_CTRL_PEER_KEY:
/* Default behaviour is OK */ /* Default behaviour is OK */
return 1; return 1;
...@@ -221,6 +229,17 @@ static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, ...@@ -221,6 +229,17 @@ static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx,
dctx->rfc5114_param = len; dctx->rfc5114_param = len;
return 1; return 1;
} }
if (strcmp(type, "dh_param") == 0) {
DH_PKEY_CTX *dctx = ctx->data;
int nid = OBJ_sn2nid(value);
if (nid == NID_undef) {
DHerr(DH_F_PKEY_DH_CTRL_STR, DH_R_INVALID_PARAMETER_NAME);
return -2;
}
dctx->param_nid = nid;
return 1;
}
if (strcmp(type, "dh_paramgen_generator") == 0) { if (strcmp(type, "dh_paramgen_generator") == 0) {
int len; int len;
len = atoi(value); len = atoi(value);
...@@ -320,6 +339,13 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) ...@@ -320,6 +339,13 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
return 1; return 1;
} }
if (dctx->param_nid != 0) {
if ((dh = DH_new_by_nid(dctx->param_nid)) == NULL)
return 0;
EVP_PKEY_assign(pkey, EVP_PKEY_DH, dh);
return 1;
}
if (ctx->pkey_gencb) { if (ctx->pkey_gencb) {
pcb = BN_GENCB_new(); pcb = BN_GENCB_new();
if (pcb == NULL) if (pcb == NULL)
...@@ -359,17 +385,22 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) ...@@ -359,17 +385,22 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{ {
DH_PKEY_CTX *dctx = ctx->data;
DH *dh = NULL; DH *dh = NULL;
if (ctx->pkey == NULL) {
if (ctx->pkey == NULL && dctx->param_nid == 0) {
DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET); DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET);
return 0; return 0;
} }
dh = DH_new(); if (dctx->param_nid != 0)
dh = DH_new_by_nid(dctx->param_nid);
else
dh = DH_new();
if (dh == NULL) if (dh == NULL)
return 0; return 0;
EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh); EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh);
/* Note: if error return, pkey is freed by parent routine */ /* Note: if error return, pkey is freed by parent routine */
if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) if (ctx->pkey != NULL && !EVP_PKEY_copy_parameters(pkey, ctx->pkey))
return 0; return 0;
return DH_generate_key(pkey->pkey.dh); return DH_generate_key(pkey->pkey.dh);
} }
......
...@@ -242,6 +242,11 @@ int DH_meth_set_generate_params(DH_METHOD *dhm, ...@@ -242,6 +242,11 @@ int DH_meth_set_generate_params(DH_METHOD *dhm,
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
# define EVP_PKEY_CTX_set_dh_nid(ctx, nid) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, \
EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, \
EVP_PKEY_CTRL_DH_NID, nid, NULL)
# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \ # define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
EVP_PKEY_OP_DERIVE, \ EVP_PKEY_OP_DERIVE, \
...@@ -306,6 +311,7 @@ int DH_meth_set_generate_params(DH_METHOD *dhm, ...@@ -306,6 +311,7 @@ int DH_meth_set_generate_params(DH_METHOD *dhm,
# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12) # define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12)
# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13) # define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13)
# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14) # define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14)
# define EVP_PKEY_CTRL_DH_NID (EVP_PKEY_ALG_CTRL + 15)
/* KDF types */ /* KDF types */
# define EVP_PKEY_DH_KDF_NONE 1 # define EVP_PKEY_DH_KDF_NONE 1
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册