EVP module documentation pass (ffd89124) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+5 −0

Original line number	Original line	Diff line number	Diff line
	@@ -9,6 +9,11 @@

	Changes between 1.1.1 and 1.1.2 [xx XXX xxxx]		Changes between 1.1.1 and 1.1.2 [xx XXX xxxx]

			*) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
			the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
			are retained for backwards compatibility.
			[Antoine Salon]

	*) AES-XTS mode now enforces that its two keys are different to mitigate		*) AES-XTS mode now enforces that its two keys are different to mitigate
	the attacked described in "Efficient Instantiations of Tweakable		the attacked described in "Efficient Instantiations of Tweakable
	Blockciphers and Refinements to Modes OCB and PMAC" by Phillip Rogaway.		Blockciphers and Refinements to Modes OCB and PMAC" by Phillip Rogaway.

crypto/ec/ec_ameth.c

+2 −2

Original line number	Original line	Diff line number	Diff line
	@@ -699,7 +699,7 @@ static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, int eckdf_nid)
	if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0)		if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0)
	return 0;		return 0;

	if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0)		if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0)
	return 0;		return 0;

	kdf_md = EVP_get_digestbynid(kdfmd_nid);		kdf_md = EVP_get_digestbynid(kdfmd_nid);
	@@ -864,7 +864,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
	ecdh_nid = NID_dh_cofactor_kdf;		ecdh_nid = NID_dh_cofactor_kdf;

	if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {		if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
	kdf_type = EVP_PKEY_ECDH_KDF_X9_62;		kdf_type = EVP_PKEY_ECDH_KDF_X9_63;
	if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)		if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
	goto err;		goto err;
	} else		} else

crypto/ec/ec_pmeth.c

+2 −2

Original line number	Original line	Diff line number	Diff line
	@@ -209,7 +209,7 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
	if (!pkey_ec_derive(ctx, ktmp, &ktmplen))		if (!pkey_ec_derive(ctx, ktmp, &ktmplen))
	goto err;		goto err;
	/* Do KDF stuff */		/* Do KDF stuff */
	if (!ECDH_KDF_X9_62(key, *keylen, ktmp, ktmplen,		if (!ecdh_KDF_X9_63(key, *keylen, ktmp, ktmplen,
	dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))		dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
	goto err;		goto err;
	rv = 1;		rv = 1;
	@@ -281,7 +281,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX ctx, int type, int p1, void p2)
	case EVP_PKEY_CTRL_EC_KDF_TYPE:		case EVP_PKEY_CTRL_EC_KDF_TYPE:
	if (p1 == -2)		if (p1 == -2)
	return dctx->kdf_type;		return dctx->kdf_type;
	if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_62)		if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_63)
	return -2;		return -2;
	dctx->kdf_type = p1;		dctx->kdf_type = p1;
	return 1;		return 1;

crypto/ec/ecdh_kdf.c

+16 −3

Original line number	Original line	Diff line number	Diff line
	/*		/*
	* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.		* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
	*		*
	* Licensed under the OpenSSL license (the "License"). You may not use		* Licensed under the OpenSSL license (the "License"). You may not use
	* this file except in compliance with the License. You can obtain a copy		* this file except in compliance with the License. You can obtain a copy
	@@ -10,12 +10,13 @@
	#include <string.h>		#include <string.h>
	#include <openssl/ec.h>		#include <openssl/ec.h>
	#include <openssl/evp.h>		#include <openssl/evp.h>
			#include "ec_lcl.h"

	/* Key derivation function from X9.62/SECG */		/* Key derivation function from X9.63/SECG */
	/* Way more than we will ever need */		/* Way more than we will ever need */
	#define ECDH_KDF_MAX (1 << 30)		#define ECDH_KDF_MAX (1 << 30)

	int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,		int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
	const unsigned char *Z, size_t Zlen,		const unsigned char *Z, size_t Zlen,
	const unsigned char *sinfo, size_t sinfolen,		const unsigned char *sinfo, size_t sinfolen,
	const EVP_MD *md)		const EVP_MD *md)
	@@ -66,3 +67,15 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
	EVP_MD_CTX_free(mctx);		EVP_MD_CTX_free(mctx);
	return rv;		return rv;
	}		}

			/*-
			* The old name for ecdh_KDF_X9_63
			* Retained for ABI compatibility
			*/
			int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
			const unsigned char *Z, size_t Zlen,
			const unsigned char *sinfo, size_t sinfolen,
			const EVP_MD *md)
			{
			return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md);
			}

crypto/include/internal/ec_int.h

+8 −0

Original line number	Original line	Diff line number	Diff line
	@@ -41,5 +41,13 @@
	__owur int ec_group_do_inverse_ord(const EC_GROUP group, BIGNUM res,		__owur int ec_group_do_inverse_ord(const EC_GROUP group, BIGNUM res,
	const BIGNUM x, BN_CTX ctx);		const BIGNUM x, BN_CTX ctx);

			/*-
			* ECDH Key Derivation Function as defined in ANSI X9.63
			*/
			int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
			const unsigned char *Z, size_t Zlen,
			const unsigned char *sinfo, size_t sinfolen,
			const EVP_MD *md);

	# endif /* OPENSSL_NO_EC */		# endif /* OPENSSL_NO_EC */
	#endif		#endif