root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Fixes #15070. Allow custom algorithm ID ASN.1 encoding for provided ciphers 

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15130)
This commit is contained in:
Jon Spillett 2021-05-04 15:19:42 +10:00 committed by Tomas Mraz
parent 6d1bb1fffd
commit 592ea4ba94
7 changed files with 81 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
crypto/evp/evp_lib.c
View File

@ -126,8 +126,9 @@ int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
* We make two passes, the first to get the appropriate buffer size,
* and the second to get the actual value.
*/
*p++ = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_ALG_ID,
NULL, 0);
*p++ = OSSL_PARAM_construct_octet_string(
OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS,
NULL, 0);
*p = OSSL_PARAM_construct_end();
if (!EVP_CIPHER_CTX_get_params(c, params))
@ -213,8 +214,9 @@ int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
if ((derl = i2d_ASN1_TYPE(type, &der)) >= 0) {
*p++ =
OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_ALG_ID,
der, (size_t)derl);
OSSL_PARAM_construct_octet_string(
OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS,
der, (size_t)derl);
*p = OSSL_PARAM_construct_end();
if (EVP_CIPHER_CTX_set_params(c, params))
ret = 1;
@ -369,6 +371,10 @@ int evp_cipher_cache_constants(EVP_CIPHER *cipher)
/* Provided implementations may have a custom cipher_cipher */
if (cipher->prov != NULL && cipher->ccipher != NULL)
cipher->flags |= EVP_CIPH_FLAG_CUSTOM_CIPHER;
/* Provided implementations may also have custom ASN1 algorithm parameters */
if (OSSL_PARAM_locate_const(EVP_CIPHER_gettable_ctx_params(cipher),
OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS))
cipher->flags |= EVP_CIPH_FLAG_CUSTOM_ASN1;
}
return ok;
}

2
doc/man7/provider-cipher.pod
View File

@ -350,7 +350,7 @@ Gets a implementation specific randomly generated key for the associated
cipher ctx. This is currently only supported by 3DES (which sets the key to
odd parity).
=item "alg_id_param" (B<OSSL_CIPHER_PARAM_ALG_ID>) <octet string>
=item "alg_id_param" (B<OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS>) <octet string>
Used to pass the DER encoded AlgorithmIdentifier parameter to or from
the cipher implementation. Functions like L<EVP_CIPHER_param_to_asn1(3)>

2
include/openssl/core_names.h
View File

@ -94,7 +94,7 @@ extern "C" {
#define OSSL_CIPHER_PARAM_SPEED "speed" /* uint */
#define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode" /* utf8_string */
/* For passing the AlgorithmIdentifier parameter in DER form */
#define OSSL_CIPHER_PARAM_ALG_ID "alg_id_param" /* octet_string */
#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param" /* octet_string */
#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT \
"tls1multi_maxsndfrag" /* uint */

2
providers/fips-sources.checksums
View File

@ -172,7 +172,7 @@ fa39906519062932adafb63cbf05b5dfa7563673576d421c80ec6b889d024e84 crypto/ec/ecp_
87599335b61f97362799170d7b19cbbf775bfecc0fab570b267c7622241cfad8 crypto/evp/ec_support.c
c146c0a8a06e3c558207c1c76039dd2a61a2160cc243e9e3de2e290bc6e1b2d0 crypto/evp/evp_enc.c
9b4956b5c28db987001b33421aacf3b9f352181f874c768ad1b034e083483561 crypto/evp/evp_fetch.c
c1017021bfff5cd76ac66e08ece80c78cbb9551194a4560c84ad0ad75d46511f crypto/evp/evp_lib.c
f975f6ba3aff8130b775f39182fdc783a3ef954402313248edd661d29032aa05 crypto/evp/evp_lib.c
af0245f7a849997921c0719df339469427656821416b402754fc1f5f5e2da291 crypto/evp/evp_rand.c
c0f87865be8dab6ea909fd976e5a46e4e8343b18403090c4a59b2af90f9a1329 crypto/evp/evp_utils.c
896bc29e0009657071bd74401513bdbedfb08ca66e34bf634e824fd3f34beb0a crypto/evp/exchange.c

2
providers/fips.checksum
View File

@ -1 +1 @@
31b3d6511f42b33ac269d527ab6ff7c18f0afda32f913d825eee5efc7e772da2 providers/fips-sources.checksums
734ff29885aaf5d08474ad7e36f7ec6ea1813ce9c917d335225fe8fe284f38f1 providers/fips-sources.checksums

6
providers/implementations/ciphers/cipher_rc2.c
View File

@ -117,7 +117,7 @@ static int rc2_get_ctx_params(void *vctx, OSSL_PARAM params[])
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_ALG_ID);
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS);
if (p != NULL) {
long num;
int i;
@ -176,7 +176,7 @@ static int rc2_set_ctx_params(void *vctx, const OSSL_PARAM params[])
return 0;
}
}
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_ALG_ID);
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS);
if (p != NULL) {
ASN1_TYPE *type = NULL;
long num = 0;
@ -210,11 +210,13 @@ static int rc2_set_ctx_params(void *vctx, const OSSL_PARAM params[])
CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(rc2)
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_RC2_KEYBITS, NULL),
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS, NULL, 0),
CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(rc2)
CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(rc2)
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_RC2_KEYBITS, NULL),
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS, NULL, 0),
CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(rc2)
#define IMPLEMENT_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, blkbits, \

65
test/pkcs12_format_test.c
View File

@ -229,6 +229,15 @@ static const int enc_nids_all[] = {
NID_des_ede3_cbc,
NID_des_cbc,
#endif
#ifndef OPENSSL_NO_RC5
NID_rc5_cbc,
#endif
#ifndef OPENSSL_NO_RC4
NID_rc4,
#endif
#ifndef OPENSSL_NO_RC2
NID_rc2_cbc,
#endif
#ifndef OPENSSL_NO_MD2
# ifndef OPENSSL_NO_DES
@ -602,6 +611,55 @@ static int test_single_secret_encrypted_content(void)
return end_pkcs12_builder(pb);
}
static int test_single_secret(PKCS12_ENC *enc)
{
int custom_nid;
char fname[80];
PKCS12_BUILDER *pb;
sprintf(fname, "1secret_ciph-%s_iter-%d.p12", OBJ_nid2sn(enc->nid), enc->iter);
pb = new_pkcs12_builder(fname);
custom_nid = get_custom_oid();
/* Generate/encode */
start_pkcs12(pb);
start_contentinfo(pb);
add_secretbag(pb, custom_nid, "VerySecretMessage", ATTRS1);
end_contentinfo_encrypted(pb, enc);
end_pkcs12_with_mac(pb, &mac_default);
/* Read/decode */
start_check_pkcs12_with_mac(pb, &mac_default);
start_check_contentinfo_encrypted(pb, enc);
check_secretbag(pb, custom_nid, "VerySecretMessage", ATTRS1);
end_check_contentinfo(pb);
end_check_pkcs12(pb);
return end_pkcs12_builder(pb);
}
static int test_single_secret_enc_alg(int z)
{
PKCS12_ENC enc;
if (lgcyprov == NULL)
enc.nid = enc_nids_no_legacy[z];
else
enc.nid = enc_nids_all[z];
enc.pass = enc_default.pass;
enc.iter = enc_default.iter;
return test_single_secret(&enc);
}
static int test_multiple_contents(void)
{
PKCS12_BUILDER *pb = new_pkcs12_builder("multi_contents.p12");
@ -720,10 +778,13 @@ int setup_tests(void)
}
ADD_TEST(test_single_cert_no_attrs);
if (lgcyprov == NULL)
if (lgcyprov == NULL) {
ADD_ALL_TESTS(test_single_key_enc_alg, OSSL_NELEM(enc_nids_no_legacy));
else
ADD_ALL_TESTS(test_single_secret_enc_alg, OSSL_NELEM(enc_nids_no_legacy));
} else {
ADD_ALL_TESTS(test_single_key_enc_alg, OSSL_NELEM(enc_nids_all));
ADD_ALL_TESTS(test_single_secret_enc_alg, OSSL_NELEM(enc_nids_all));
}
ADD_ALL_TESTS(test_single_key_enc_pass, OSSL_NELEM(passwords));
ADD_ALL_TESTS(test_single_key_enc_iter, OSSL_NELEM(iters));
ADD_TEST(test_single_key_with_attrs);