kris
/
boringssl
1
0
フォーク 0
コード 課題 0 プルリクエスト 0 リリース 0 Wiki アクティビティ
ソースを参照

Remove ECDH_KDF_X9_62 and associated EVP glue. 

Removes a bit of unused code. This effectively reverts upstream's
25af7a5dbc. It's new with OpenSSL 1.0.2 so
nothing can be using it yet. We can restore it with tests if we end up wanting
it later.

(Also I think it might be misnamed. The KDF seems to be defined in X9.63, not
X9.62.)

Change-Id: I482daf681e0cf5c3bbdc72c57793f91448deaee8
Reviewed-on: https://boringssl-review.googlesource.com/2846
Reviewed-by: Adam Langley <agl@google.com>
kris/onging/CECPQ3_patch15
David Benjamin 9年前
committed by Adam Langley
c61517cb5a
コミット
1681d79ddf
4個のファイルの変更2行の追加198行の削除
分割表示
差分オプション
統計情報を表示 Patchファイルをダウンロード Diffファイルをダウンロード
  1. +0
    -57
      crypto/ecdh/ecdh.c
  2. +2
    -122
      crypto/evp/p_ec.c
  3. +0
    -7
      include/openssl/ecdh.h
  4. +0
    -12
      include/openssl/evp.h

+ 0
- 57
crypto/ecdh/ecdh.c ファイルの表示

@@ -153,60 +153,3 @@ err:
OPENSSL_free(buf);
return ret;
}

/* Key derivation function from X9.62/SECG */
/* Way more than we will ever need */
#define ECDH_KDF_MAX (1 << 30)

int ECDH_KDF_X9_62(uint8_t *out, size_t outlen, const uint8_t *Z,
size_t Zlen, const uint8_t *sinfo, size_t sinfolen,
const EVP_MD *md) {
EVP_MD_CTX mctx;
int rv = 0;
unsigned int i;
size_t mdlen;
uint8_t ctr[4];

if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX || Zlen > ECDH_KDF_MAX) {
return 0;
}
mdlen = EVP_MD_size(md);
EVP_MD_CTX_init(&mctx);

for (i = 1;; i++) {
uint8_t mtmp[EVP_MAX_MD_SIZE];
EVP_DigestInit_ex(&mctx, md, NULL);
ctr[3] = i & 0xFF;
ctr[2] = (i >> 8) & 0xFF;
ctr[1] = (i >> 16) & 0xFF;
ctr[0] = (i >> 24) & 0xFF;
if (!EVP_DigestUpdate(&mctx, Z, Zlen) ||
!EVP_DigestUpdate(&mctx, ctr, sizeof(ctr)) ||
!EVP_DigestUpdate(&mctx, sinfo, sinfolen)) {
goto err;
}

if (outlen >= mdlen) {
if (!EVP_DigestFinal(&mctx, out, NULL)) {
goto err;
}
outlen -= mdlen;
if (outlen == 0) {
break;
}
out += mdlen;
} else {
if (!EVP_DigestFinal(&mctx, mtmp, NULL)) {
goto err;
}
memcpy(out, mtmp, outlen);
OPENSSL_cleanse(mtmp, mdlen);
break;
}
}
rv = 1;

err:
EVP_MD_CTX_cleanup(&mctx);
return rv;
}

+ 2
- 122
crypto/evp/p_ec.c ファイルの表示

@@ -76,19 +76,6 @@ typedef struct {
EC_GROUP *gen_group;
/* message digest */
const EVP_MD *md;
/* Duplicate key if custom cofactor needed */
EC_KEY *co_key;
/* Cofactor mode */
signed char cofactor_mode;
/* KDF (if any) to use for ECDH */
char kdf_type;
/* Message digest to use for key derivation */
const EVP_MD *kdf_md;
/* User key material */
unsigned char *kdf_ukm;
size_t kdf_ukmlen;
/* KDF output length */
size_t kdf_outlen;
} EC_PKEY_CTX;


@@ -99,8 +86,6 @@ static int pkey_ec_init(EVP_PKEY_CTX *ctx) {
return 0;
}
memset(dctx, 0, sizeof(EC_PKEY_CTX));
dctx->cofactor_mode = -1;
dctx->kdf_type = EVP_PKEY_ECDH_KDF_NONE;

ctx->data = dctx;

@@ -123,24 +108,6 @@ static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) {
}
dctx->md = sctx->md;

if (sctx->co_key) {
dctx->co_key = EC_KEY_dup(sctx->co_key);
if (!dctx->co_key) {
return 0;
}
}
dctx->kdf_type = sctx->kdf_type;
dctx->kdf_md = sctx->kdf_md;
dctx->kdf_outlen = sctx->kdf_outlen;
if (sctx->kdf_ukm) {
dctx->kdf_ukm = BUF_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
if (!dctx->kdf_ukm) {
return 0;
}
} else {
dctx->kdf_ukm = NULL;
}
dctx->kdf_ukmlen = sctx->kdf_ukmlen;
return 1;
}

@@ -153,12 +120,6 @@ static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) {
if (dctx->gen_group) {
EC_GROUP_free(dctx->gen_group);
}
if (dctx->co_key) {
EC_KEY_free(dctx->co_key);
}
if (dctx->kdf_ukm) {
OPENSSL_free(dctx->kdf_ukm);
}
OPENSSL_free(dctx);
}

@@ -209,14 +170,13 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, uint8_t *key,
size_t outlen;
const EC_POINT *pubkey = NULL;
EC_KEY *eckey;
EC_PKEY_CTX *dctx = ctx->data;

if (!ctx->pkey || !ctx->peerkey) {
OPENSSL_PUT_ERROR(EVP, pkey_ec_derive, EVP_R_KEYS_NOT_SET);
return 0;
}

eckey = dctx->co_key ? dctx->co_key : ctx->pkey->pkey.ec;
eckey = ctx->pkey->pkey.ec;

if (!key) {
const EC_GROUP *group;
@@ -239,46 +199,6 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, uint8_t *key,
return 1;
}

static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx, uint8_t *key,
size_t *keylen) {
EC_PKEY_CTX *dctx = ctx->data;
uint8_t *ktmp = NULL;
size_t ktmplen;
int rv = 0;

if (dctx->kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
return pkey_ec_derive(ctx, key, keylen);
}
if (!key) {
*keylen = dctx->kdf_outlen;
return 1;
}
if (*keylen != dctx->kdf_outlen ||
!pkey_ec_derive(ctx, NULL, &ktmplen)) {
return 0;
}
ktmp = OPENSSL_malloc(ktmplen);
if (!ktmp) {
return 0;
}
if (!pkey_ec_derive(ctx, ktmp, &ktmplen)) {
goto err;
}

if (!ECDH_KDF_X9_62(key, *keylen, ktmp, ktmplen, dctx->kdf_ukm,
dctx->kdf_ukmlen, dctx->kdf_md)) {
goto err;
}
rv = 1;

err:
if (ktmp) {
OPENSSL_cleanse(ktmp, ktmplen);
OPENSSL_free(ktmp);
}
return rv;
}

static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) {
EC_PKEY_CTX *dctx = ctx->data;
EC_GROUP *group;
@@ -295,46 +215,6 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) {
dctx->gen_group = group;
return 1;

case EVP_PKEY_CTRL_EC_KDF_TYPE:
if (p1 == -2)
return dctx->kdf_type;
if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_62)
return -2;
dctx->kdf_type = p1;
return 1;

case EVP_PKEY_CTRL_EC_KDF_MD:
dctx->kdf_md = p2;
return 1;

case EVP_PKEY_CTRL_GET_EC_KDF_MD:
*(const EVP_MD **)p2 = dctx->kdf_md;
return 1;

case EVP_PKEY_CTRL_EC_KDF_OUTLEN:
if (p1 <= 0)
return -2;
dctx->kdf_outlen = (size_t)p1;
return 1;

case EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN:
*(int *)p2 = dctx->kdf_outlen;
return 1;

case EVP_PKEY_CTRL_EC_KDF_UKM:
if (dctx->kdf_ukm)
OPENSSL_free(dctx->kdf_ukm);
dctx->kdf_ukm = p2;
if (p2)
dctx->kdf_ukmlen = p1;
else
dctx->kdf_ukmlen = 0;
return 1;

case EVP_PKEY_CTRL_GET_EC_KDF_UKM:
*(unsigned char **)p2 = dctx->kdf_ukm;
return dctx->kdf_ukmlen;

case EVP_PKEY_CTRL_MD:
if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 &&
@@ -417,5 +297,5 @@ const EVP_PKEY_METHOD ec_pkey_meth = {
pkey_ec_verify, 0 /* signctx_init */, 0 /* signctx */,
0 /* verifyctx_init */, 0 /* verifyctx */, 0 /* encrypt_init */,
0 /* encrypt */, 0 /* decrypt_init */, 0 /* decrypt */,
0 /* derive_init */, pkey_ec_kdf_derive, pkey_ec_ctrl,
0 /* derive_init */, pkey_ec_derive, pkey_ec_ctrl,
};

+ 0
- 7
include/openssl/ecdh.h ファイルの表示

@@ -90,13 +90,6 @@ OPENSSL_EXPORT int ECDH_compute_key(void *out, size_t outlen,
void *(*KDF)(const void *in, size_t inlen,
void *out, size_t *outlen));

/* ECDH_KDF_X9_62 writes |outlen| bytes to |out| using the KDF from X9.62
* applied to |Z| and |sinfo| and using the hash |md|. It returns one on
* success and zero otherwise. */
OPENSSL_EXPORT int ECDH_KDF_X9_62(uint8_t *out, size_t outlen, const uint8_t *Z,
size_t Zlen, const uint8_t *sinfo,
size_t sinfolen, const EVP_MD *md);


#if defined(__cplusplus)
} /* extern C */


+ 0
- 12
include/openssl/evp.h ファイルの表示

@@ -707,18 +707,6 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx,
/* EC specific */

#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1)
#define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2)
#define EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3)
#define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4)
#define EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5)
#define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6)
#define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7)
#define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8)
#define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9)
#define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10)

#define EVP_PKEY_ECDH_KDF_NONE 1
#define EVP_PKEY_ECDH_KDF_X9_62 2


/* Private functions */


書き込み プレビュー
読み込み中…
キャンセル
保存