EVP module documentation pass (ffd89124) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+5 −0

Original line number	Diff line number	Diff line
		@@ -9,6 +9,11 @@

		Changes between 1.1.1 and 1.1.2 [xx XXX xxxx]

		*) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
		the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
		are retained for backwards compatibility.
		[Antoine Salon]

		*) AES-XTS mode now enforces that its two keys are different to mitigate
		the attacked described in "Efficient Instantiations of Tweakable
		Blockciphers and Refinements to Modes OCB and PMAC" by Phillip Rogaway.

+2 −2

Original line number	Diff line number	Diff line
		@@ -699,7 +699,7 @@ static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, int eckdf_nid)
		if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0)
		return 0;

		if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0)
		if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0)
		return 0;

		kdf_md = EVP_get_digestbynid(kdfmd_nid);
		@@ -864,7 +864,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
		ecdh_nid = NID_dh_cofactor_kdf;

		if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
		kdf_type = EVP_PKEY_ECDH_KDF_X9_62;
		kdf_type = EVP_PKEY_ECDH_KDF_X9_63;
		if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
		goto err;
		} else

+2 −2

Original line number	Diff line number	Diff line
		@@ -209,7 +209,7 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
		if (!pkey_ec_derive(ctx, ktmp, &ktmplen))
		goto err;
		/* Do KDF stuff */
		if (!ECDH_KDF_X9_62(key, *keylen, ktmp, ktmplen,
		if (!ecdh_KDF_X9_63(key, *keylen, ktmp, ktmplen,
		dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
		goto err;
		rv = 1;
		@@ -281,7 +281,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX ctx, int type, int p1, void p2)
		case EVP_PKEY_CTRL_EC_KDF_TYPE:
		if (p1 == -2)
		return dctx->kdf_type;
		if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_62)
		if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_63)
		return -2;
		dctx->kdf_type = p1;
		return 1;

+16 −3

Original line number	Diff line number	Diff line
		/*
		* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
		* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
		*
		* Licensed under the OpenSSL license (the "License"). You may not use
		* this file except in compliance with the License. You can obtain a copy
		@@ -10,12 +10,13 @@
		#include <string.h>
		#include <openssl/ec.h>
		#include <openssl/evp.h>
		#include "ec_lcl.h"

		/* Key derivation function from X9.62/SECG */
		/* Key derivation function from X9.63/SECG */
		/* Way more than we will ever need */
		#define ECDH_KDF_MAX (1 << 30)

		int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
		int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
		const unsigned char *Z, size_t Zlen,
		const unsigned char *sinfo, size_t sinfolen,
		const EVP_MD *md)
		@@ -66,3 +67,15 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
		EVP_MD_CTX_free(mctx);
		return rv;
		}

		/*-
		* The old name for ecdh_KDF_X9_63
		* Retained for ABI compatibility
		*/
		int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
		const unsigned char *Z, size_t Zlen,
		const unsigned char *sinfo, size_t sinfolen,
		const EVP_MD *md)
		{
		return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md);
		}

+8 −0

Original line number	Diff line number	Diff line
		@@ -41,5 +41,13 @@
		__owur int ec_group_do_inverse_ord(const EC_GROUP group, BIGNUM res,
		const BIGNUM x, BN_CTX ctx);

		/*-
		* ECDH Key Derivation Function as defined in ANSI X9.63
		*/
		int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
		const unsigned char *Z, size_t Zlen,
		const unsigned char *sinfo, size_t sinfolen,
		const EVP_MD *md);

		# endif /* OPENSSL_NO_EC */
		#endif