authorRichard Levitte <levitte@openssl.org>2020-04-20 09:29:47 +0200
committerMatt Caswell <matt@openssl.org>2020-04-23 11:44:37 +0200
commit1a7328c8825627f723be624ddbc7e5bfb40f8fd5 (patch)
tree925268e958dd7d885bd716f69b48b08ab8644df4
parentEVP: Fix EVP_Digest{Sign,Verify}Init() to handle no default digest (diff)
PROV: Ensure that ED25519 & ED448 keys have a mandatory digest
This adds handling of the parameter "mandatory-digest" and responds with an empty string, meaning that no digest may be used. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11576)
-rw-r--r--doc/man7/EVP_PKEY-X25519.pod10
-rw-r--r--providers/implementations/keymgmt/ecx_kmgmt.c50
2 files changed, 55 insertions, 5 deletions
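--- a/doc/man7/EVP_PKEY-X25519.pod
+++ b/doc/man7/EVP_PKEY-X25519.pod
@@ -28,6 +28,16 @@ The private key value.
 =back
+=head2 ED25519 and ED448 parameters
+
+=over 4
+
+=item "mandatory-digest" (B<OSSL_PKEY_PARAM_MANDATORY_DIGEST>) <utf8 string>
+
+The empty string, signifying that no digest may be specified.
+
+=back
+
 =head1 CONFORMING TO
 =over 4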
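--- a/providers/implementations/keymgmt/ecx_kmgmt.c
+++ b/providers/implementations/keymgmt/ecx_kmgmt.c
@@ -42,7 +42,10 @@ static OSSL_OP_keymgmt_get_params_fn x25519_get_params;
 static OSSL_OP_keymgmt_get_params_fn x448_get_params;
 static OSSL_OP_keymgmt_get_params_fn ed25519_get_params;
 static OSSL_OP_keymgmt_get_params_fn ed448_get_params;
-static OSSL_OP_keymgmt_gettable_params_fn ecx_gettable_params;
+static OSSL_OP_keymgmt_gettable_params_fn x25519_gettable_params;
+static OSSL_OP_keymgmt_gettable_params_fn x448_gettable_params;
+static OSSL_OP_keymgmt_gettable_params_fn ed25519_gettable_params;
+static OSSL_OP_keymgmt_gettable_params_fn ed448_gettable_params;
 static OSSL_OP_keymgmt_has_fn ecx_has;
 static OSSL_OP_keymgmt_import_fn ecx_import;
 static OSSL_OP_keymgmt_import_types_fn ecx_imexport_types;
@@ -207,6 +210,17 @@ static int ecx_get_params(void *key, OSSL_PARAM params[], int bits, int secbits,
 return key_to_params(ecx, NULL, params);
 }
+static int ed_get_params(void *key, OSSL_PARAM params[])
+{
+ OSSL_PARAM *p;
+
+ if ((p = OSSL_PARAM_locate(params,
+ OSSL_PKEY_PARAM_MANDATORY_DIGEST)) != NULL
+ && !OSSL_PARAM_set_utf8_string(p, ""))
+ return 0;
+ return 1;
+}
+
 static int x25519_get_params(void *key, OSSL_PARAM params[])
 {
 return ecx_get_params(key, params, X25519_BITS, X25519_SECURITY_BITS,
@@ -222,28 +236,54 @@ static int x448_get_params(void *key, OSSL_PARAM params[])
 static int ed25519_get_params(void *key, OSSL_PARAM params[])
 {
 return ecx_get_params(key, params, ED25519_BITS, ED25519_SECURITY_BITS,
- ED25519_KEYLEN);
+ ED25519_KEYLEN)
+ && ed_get_params(key, params);
 }
 static int ed448_get_params(void *key, OSSL_PARAM params[])
 {
 return ecx_get_params(key, params, ED448_BITS, ED448_SECURITY_BITS,
- ED448_KEYLEN);
+ ED448_KEYLEN)
+ && ed_get_params(key, params);
 }
 static const OSSL_PARAM ecx_params[] = {
 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
 OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0),
+ ECX_KEY_TYPES(),
+ OSSL_PARAM_END
+};
+
+static const OSSL_PARAM ed_params[] = {
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
 ECX_KEY_TYPES(),
 OSSL_PARAM_END
 };
-static const OSSL_PARAM *ecx_gettable_params(void)
+static const OSSL_PARAM *x25519_gettable_params(void)
+{
+ return ecx_params;
+}
+
+static const OSSL_PARAM *x448_gettable_params(void)
 {
 return ecx_params;
 }
+static const OSSL_PARAM *ed25519_gettable_params(void)
+{
+ return ed_params;
+}
+
+static const OSSL_PARAM *ed448_gettable_params(void)
+{
+ return ed_params;
+}
+
 static void *ecx_gen_init(void *provctx, int selection, ECX_KEY_TYPE type)
 {
 OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
@@ -383,7 +423,7 @@ static void ecx_gen_cleanup(void *genctx)
 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))alg##_new_key }, \
 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ecx_key_free }, \
 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))alg##_get_params }, \
- { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))ecx_gettable_params }, \
+ { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))alg##_gettable_params }, \
 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ecx_has }, \
 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ecx_import }, \
 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ecx_imexport_types }, \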
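Review bot: The two gettable tables in the third hunk are inverted relative to the getters that use them: the new `OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0)` entry lands in `ecx_params`, which `x25519_gettable_params` and `x448_gettable_params` return, while `ed_params`, returned by `ed25519_gettable_params` and `ed448_gettable_params`, does not list it — yet `ed_get_params`, the only place the value is set, is called solely from `ed25519_get_params` and `ed448_get_params`. As committed, X25519/X448 advertise a parameter they never fill and ED25519/ED448 fill one they never advertise, so any consumer that consults the gettable list before querying will presumably not learn that Ed keys forbid a digest. Move the utf8_string line from `ecx_params` into `ed_params` (between `OSSL_PKEY_PARAM_MAX_SIZE` and `ECX_KEY_TYPES()`) so the tables agree with `ed_get_params`. Separately, `ed_get_params` never reads `key`; a one-line comment such as `/* The mandatory digest is the same for every Ed key: none, hence "" */` would make clear that ignoring it is deliberate.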