Commit cefa762e authored by Johannes Bauer's avatar Johannes Bauer Committed by Dr. Stephen Henson

Add interface to the scrypt KDF by means of PKEY_METHOD



Add an interface that allows accessing the scrypt KDF as a PKEY_METHOD.
This fixes #4021 (at least for the scrypt portion of the issue).

Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
Reviewed-by: default avatarStephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4026)
parent 9ed79d8e
+7 −0
@@ -703,6 +703,9 @@ EVP_F_RC5_CTRL:125:rc5_ctrl
EVP_F_UPDATE:173:update
KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str
KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive
KDF_F_PKEY_SCRYPT_CTRL_STR:104:pkey_scrypt_ctrl_str
KDF_F_PKEY_SCRYPT_CTRL_UINT64:105:pkey_scrypt_ctrl_uint64
KDF_F_PKEY_SCRYPT_DERIVE:109:pkey_scrypt_derive
KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str
KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive
OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object
@@ -1966,12 +1969,16 @@ EVP_R_UNSUPPORTED_SALT_TYPE:126:unsupported salt type
EVP_R_WRAP_MODE_NOT_ALLOWED:170:wrap mode not allowed
EVP_R_WRONG_FINAL_BLOCK_LENGTH:109:wrong final block length
KDF_R_INVALID_DIGEST:100:invalid digest
KDF_R_MISSING_ITERATION_COUNT:109:missing iteration count
KDF_R_MISSING_KEY:104:missing key
KDF_R_MISSING_MESSAGE_DIGEST:105:missing message digest
KDF_R_MISSING_PARAMETER:101:missing parameter
KDF_R_MISSING_PASS:110:missing pass
KDF_R_MISSING_SALT:111:missing salt
KDF_R_MISSING_SECRET:107:missing secret
KDF_R_MISSING_SEED:106:missing seed
KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type
KDF_R_VALUE_ERROR:108:value error
KDF_R_VALUE_MISSING:102:value missing
OBJ_R_OID_EXISTS:102:oid exists
OBJ_R_UNKNOWN_NID:101:unknown nid
+10 −0
@@ -21,6 +21,7 @@ typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);

static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;

/* This array needs to be in order of NIDs */
static const EVP_PKEY_METHOD *standard_methods[] = {
#ifndef OPENSSL_NO_RSA
    &rsa_pkey_meth,
@@ -43,6 +44,9 @@ static const EVP_PKEY_METHOD *standard_methods[] = {
#endif
#ifndef OPENSSL_NO_DH
    &dhx_pkey_meth,
#endif
#ifndef OPENSSL_NO_SCRYPT
    &scrypt_pkey_meth,
#endif
    &tls1_prf_pkey_meth,
#ifndef OPENSSL_NO_EC
@@ -355,6 +359,12 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,

}

int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
                                int cmd, uint64_t value)
{
    return EVP_PKEY_CTX_ctrl(ctx, keytype, optype, cmd, 0, &value);
}

int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
                          const char *name, const char *value)
{
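Review bot: EVP_PKEY_CTX_ctrl_uint64 hands the method's ctrl callback `&value`, the address of its own by-value parameter, so the pointer is valid only until the wrapper returns, and the function carries no comment saying so. I would add above it `/* Passes a pointer to a local uint64_t as p2 (p1 is 0); the method's ctrl handler must copy the value and must not keep the pointer. */`. The handler for these commands is not visible in this section; presumably it lives in the new scrypt.c, which is where range checks on the scrypt cost parameters would need to be, since this wrapper forwards any 64-bit value unchanged. A direct call to EVP_PKEY_CTX_ctrl with the same cmd and a p2 that does not point to a uint64_t would be misread by such a handler, which is worth stating in the public documentation of the new call.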
+1 −0
@@ -91,6 +91,7 @@ extern const EVP_PKEY_METHOD ed25519_pkey_meth;
extern const EVP_PKEY_METHOD hmac_pkey_meth;
extern const EVP_PKEY_METHOD rsa_pkey_meth;
extern const EVP_PKEY_METHOD rsa_pss_pkey_meth;
extern const EVP_PKEY_METHOD scrypt_pkey_meth;
extern const EVP_PKEY_METHOD tls1_prf_pkey_meth;
extern const EVP_PKEY_METHOD hkdf_pkey_meth;
extern const EVP_PKEY_METHOD poly1305_pkey_meth;
+1 −1
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
        tls1_prf.c kdf_err.c hkdf.c
        tls1_prf.c kdf_err.c hkdf.c scrypt.c
+10 −0
@@ -16,6 +16,11 @@
static const ERR_STRING_DATA KDF_str_functs[] = {
    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_CTRL_STR, 0), "pkey_hkdf_ctrl_str"},
    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_DERIVE, 0), "pkey_hkdf_derive"},
    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_CTRL_STR, 0),
     "pkey_scrypt_ctrl_str"},
    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_CTRL_UINT64, 0),
     "pkey_scrypt_ctrl_uint64"},
    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_DERIVE, 0), "pkey_scrypt_derive"},
    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_CTRL_STR, 0),
     "pkey_tls1_prf_ctrl_str"},
    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_DERIVE, 0),
@@ -25,14 +30,19 @@ static const ERR_STRING_DATA KDF_str_functs[] = {

static const ERR_STRING_DATA KDF_str_reasons[] = {
    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_DIGEST), "invalid digest"},
    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_ITERATION_COUNT),
    "missing iteration count"},
    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_KEY), "missing key"},
    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_MESSAGE_DIGEST),
    "missing message digest"},
    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_PARAMETER), "missing parameter"},
    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_PASS), "missing pass"},
    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SALT), "missing salt"},
    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SECRET), "missing secret"},
    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SEED), "missing seed"},
    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_UNKNOWN_PARAMETER_TYPE),
    "unknown parameter type"},
    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_ERROR), "value error"},
    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_MISSING), "value missing"},
    {0, NULL}
};