Commit 5a285add authored by David Makepeace's avatar David Makepeace Committed by Richard Levitte
Browse files

Added new EVP/KDF API. 


Changed PKEY/KDF API to call the new API.
Added wrappers for PKCS5_PBKDF2_HMAC() and EVP_PBE_scrypt() to call the new EVP KDF APIs.
Documentation updated.

Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6674)
parent e0ae0585

CHANGES

+7 −0
Original line number Diff line number Diff line
@@ -9,6 +9,13 @@ 














 Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]



























  *) Added EVP_KDF, an EVP layer KDF API, to simplify adding KDF and PRF













     implementations.  This includes an EVP_PKEY to EVP_KDF bridge for













     those algorithms that were already supported through the EVP_PKEY API













     (scrypt, TLS1 PRF and HKDF).  The low-level KDF functions for PBKDF2













     and scrypt are now wrappers that call EVP_KDF.













     [David Makepeace]



























  *) Build devcrypto engine as a dynamic engine.















     [Eneas U de Queiroz]















































crypto/err/openssl.txt



+25
−0






























Original line number
Diff line number
Diff line








@@ -753,6 +753,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestInit_ex













EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate















EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex















EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate













EVP_F_EVP_KDF_CTRL:224:EVP_KDF_ctrl













EVP_F_EVP_KDF_CTRL_STR:225:EVP_KDF_ctrl_str













EVP_F_EVP_KDF_CTX_NEW_ID:226:EVP_KDF_CTX_new_id















EVP_F_EVP_MAC_CTRL:209:EVP_MAC_ctrl















EVP_F_EVP_MAC_CTRL_STR:210:EVP_MAC_ctrl_str















EVP_F_EVP_MAC_CTX_COPY:211:EVP_MAC_CTX_copy










@@ -823,6 +826,7 @@ EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_keyivgen













EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen















EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen















EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen













EVP_F_PKEY_KDF_CTRL:227:pkey_kdf_ctrl















EVP_F_PKEY_MAC_INIT:214:pkey_mac_init















EVP_F_PKEY_SET_TYPE:158:pkey_set_type















EVP_F_POLY1305_CTRL:216:poly1305_ctrl









@@ -830,7 +834,25 @@ EVP_F_RC2_MAGIC_TO_METH:109:rc2_magic_to_meth













EVP_F_RC5_CTRL:125:rc5_ctrl















EVP_F_S390X_AES_GCM_CTRL:201:s390x_aes_gcm_ctrl















EVP_F_S390X_AES_GCM_TLS_CIPHER:208:s390x_aes_gcm_tls_cipher













EVP_F_SCRYPT_ALG:228:scrypt_alg















EVP_F_UPDATE:173:update













KDF_F_HKDF_EXTRACT:112:HKDF_Extract













KDF_F_KDF_HKDF_DERIVE:113:kdf_hkdf_derive













KDF_F_KDF_HKDF_NEW:114:kdf_hkdf_new













KDF_F_KDF_HKDF_SIZE:115:kdf_hkdf_size













KDF_F_KDF_MD2CTRL:116:kdf_md2ctrl













KDF_F_KDF_PBKDF2_CTRL_STR:117:kdf_pbkdf2_ctrl_str













KDF_F_KDF_PBKDF2_DERIVE:118:kdf_pbkdf2_derive













KDF_F_KDF_PBKDF2_NEW:119:kdf_pbkdf2_new













KDF_F_KDF_SCRYPT_CTRL_STR:120:kdf_scrypt_ctrl_str













KDF_F_KDF_SCRYPT_CTRL_UINT32:121:kdf_scrypt_ctrl_uint32













KDF_F_KDF_SCRYPT_CTRL_UINT64:122:kdf_scrypt_ctrl_uint64













KDF_F_KDF_SCRYPT_DERIVE:123:kdf_scrypt_derive













KDF_F_KDF_SCRYPT_NEW:124:kdf_scrypt_new













KDF_F_KDF_TLS1_PRF_CTRL_STR:125:kdf_tls1_prf_ctrl_str













KDF_F_KDF_TLS1_PRF_DERIVE:126:kdf_tls1_prf_derive













KDF_F_KDF_TLS1_PRF_NEW:127:kdf_tls1_prf_new













KDF_F_PBKDF2_SET_MEMBUF:128:pbkdf2_set_membuf















KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str















KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive















KDF_F_PKEY_HKDF_INIT:108:pkey_hkdf_init









@@ -842,6 +864,7 @@ KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_scrypt_set_membuf













KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str















KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive















KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init













KDF_F_SCRYPT_SET_MEMBUF:129:scrypt_set_membuf















KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg















OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object















OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid










@@ -2284,6 +2307,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported













EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\















	operation not supported for this keytype















EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized













EVP_R_PARAMETER_TOO_LARGE:187:parameter too large















EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers















EVP_R_PBKDF2_ERROR:181:pbkdf2 error















EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\










@@ -2320,6 +2344,7 @@ KDF_R_MISSING_SEED:106:missing seed













KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type















KDF_R_VALUE_ERROR:108:value error















KDF_R_VALUE_MISSING:102:value missing













KDF_R_WRONG_OUTPUT_BUFFER_SIZE:112:wrong output buffer size















OBJ_R_OID_EXISTS:102:oid exists















OBJ_R_UNKNOWN_NID:101:unknown nid















OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error

































crypto/evp/build.info



+2
−1






























Original line number
Diff line number
Diff line








@@ -9,7 +9,8 @@ SOURCE[../../libcrypto]=\













        p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \















        bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \















        c_allc.c c_alld.c evp_lib.c bio_ok.c \













        evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \













        evp_pkey.c kdf_lib.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \













        pkey_kdf.c \















        e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \















        e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \















        e_chacha20_poly1305.c cmeth_lib.c \

































crypto/evp/e_chacha20_poly1305.c



+1
−1






























Original line number
Diff line number
Diff line








@@ -14,8 +14,8 @@





























# include <openssl/evp.h>















# include <openssl/objects.h>













# include "evp_locl.h"















# include "internal/evp_int.h"













# include "evp_locl.h"















# include "internal/chacha.h"































typedef struct {

































crypto/evp/encode.c



+1
−1






























Original line number
Diff line number
Diff line








@@ -11,8 +11,8 @@













#include <limits.h>















#include "internal/cryptlib.h"















#include <openssl/evp.h>













#include "evp_locl.h"















#include "internal/evp_int.h"













#include "evp_locl.h"































static unsigned char conv_ascii2bin(unsigned char a,















                                    const unsigned char *table);