#include <string.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
-#include <openssl/core_numbers.h>
+#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/ec.h>
#include <openssl/params.h>
#include <openssl/err.h>
#include "prov/provider_ctx.h"
+#include "prov/providercommon.h"
#include "prov/implementations.h"
+#include "prov/securitycheck.h"
#include "crypto/ec.h" /* ecdh_KDF_X9_63() */
-static OSSL_OP_keyexch_newctx_fn ecdh_newctx;
-static OSSL_OP_keyexch_init_fn ecdh_init;
-static OSSL_OP_keyexch_set_peer_fn ecdh_set_peer;
-static OSSL_OP_keyexch_derive_fn ecdh_derive;
-static OSSL_OP_keyexch_freectx_fn ecdh_freectx;
-static OSSL_OP_keyexch_dupctx_fn ecdh_dupctx;
-static OSSL_OP_keyexch_set_ctx_params_fn ecdh_set_ctx_params;
-static OSSL_OP_keyexch_settable_ctx_params_fn ecdh_settable_ctx_params;
-static OSSL_OP_keyexch_get_ctx_params_fn ecdh_get_ctx_params;
-static OSSL_OP_keyexch_gettable_ctx_params_fn ecdh_gettable_ctx_params;
+static OSSL_FUNC_keyexch_newctx_fn ecdh_newctx;
+static OSSL_FUNC_keyexch_init_fn ecdh_init;
+static OSSL_FUNC_keyexch_set_peer_fn ecdh_set_peer;
+static OSSL_FUNC_keyexch_derive_fn ecdh_derive;
+static OSSL_FUNC_keyexch_freectx_fn ecdh_freectx;
+static OSSL_FUNC_keyexch_dupctx_fn ecdh_dupctx;
+static OSSL_FUNC_keyexch_set_ctx_params_fn ecdh_set_ctx_params;
+static OSSL_FUNC_keyexch_settable_ctx_params_fn ecdh_settable_ctx_params;
+static OSSL_FUNC_keyexch_get_ctx_params_fn ecdh_get_ctx_params;
+static OSSL_FUNC_keyexch_gettable_ctx_params_fn ecdh_gettable_ctx_params;
enum kdf_type {
PROV_ECDH_KDF_NONE = 0,
*/
typedef struct {
- OPENSSL_CTX *libctx;
+ OSSL_LIB_CTX *libctx;
EC_KEY *k;
EC_KEY *peerk;
static
void *ecdh_newctx(void *provctx)
{
- PROV_ECDH_CTX *pectx = OPENSSL_zalloc(sizeof(*pectx));
+ PROV_ECDH_CTX *pectx;
+ if (!ossl_prov_is_running())
+ return NULL;
+
+ pectx = OPENSSL_zalloc(sizeof(*pectx));
if (pectx == NULL)
return NULL;
- pectx->libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
+ pectx->libctx = PROV_LIBCTX_OF(provctx);
pectx->cofactor_mode = -1;
pectx->kdf_type = PROV_ECDH_KDF_NONE;
{
PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx;
- if (pecdhctx == NULL || vecdh == NULL || !EC_KEY_up_ref(vecdh))
+ if (!ossl_prov_is_running()
+ || pecdhctx == NULL
+ || vecdh == NULL
+ || !EC_KEY_up_ref(vecdh))
return 0;
EC_KEY_free(pecdhctx->k);
pecdhctx->k = vecdh;
pecdhctx->cofactor_mode = -1;
pecdhctx->kdf_type = PROV_ECDH_KDF_NONE;
- return 1;
+ return ec_check_key(vecdh, 1);
}
static
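Review bot: In `ecdh_init` the key is installed in the context (`pecdhctx->k = vecdh`) before `ec_check_key(vecdh, 1)` runs, so a failed check returns 0 but leaves the rejected key referenced by the context. Whether a later derive can still use it depends on how callers handle a failed init, which this hunk does not show. Running the check before any state change avoids the question: add `|| !ec_check_key(vecdh, 1)` ahead of the `|| !EC_KEY_up_ref(vecdh)` term and keep `return 1;` at the end. The next hunk has the same ordering for `pecdhctx->peerk`. The function's signature is outside the hunk.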
{
PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx;
- if (pecdhctx == NULL || vecdh == NULL || !EC_KEY_up_ref(vecdh))
+ if (!ossl_prov_is_running()
+ || pecdhctx == NULL
+ || vecdh == NULL
+ || !EC_KEY_up_ref(vecdh))
return 0;
EC_KEY_free(pecdhctx->peerk);
pecdhctx->peerk = vecdh;
- return 1;
+ return ec_check_key(vecdh, 1);
}
static
PROV_ECDH_CTX *srcctx = (PROV_ECDH_CTX *)vpecdhctx;
PROV_ECDH_CTX *dstctx;
+ if (!ossl_prov_is_running())
+ return NULL;
+
dstctx = OPENSSL_zalloc(sizeof(*srcctx));
if (dstctx == NULL)
return NULL;
EVP_MD_free(pectx->kdf_md);
pectx->kdf_md = EVP_MD_fetch(pectx->libctx, name, mdprops);
-
+ if (!digest_is_allowed(pectx->kdf_md)) {
+ EVP_MD_free(pectx->kdf_md);
+ pectx->kdf_md = NULL;
+ }
if (pectx->kdf_md == NULL)
return 0;
}
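Review bot: `digest_is_allowed(pectx->kdf_md)` is called on the result of `EVP_MD_fetch` before that result is tested for NULL, so a failed fetch passes a NULL digest into the security check. Whether `digest_is_allowed` tolerates NULL is not visible in this diff; moving the existing `if (pectx->kdf_md == NULL) return 0;` ahead of the check and ending the rejection branch with `return 0;` removes the dependency. A short comment such as `/* reject digests not approved by the provider's security checks */` would also tell readers why a successfully fetched digest can still fail here. The enclosing function starts and ends outside the hunk.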
};
static
-const OSSL_PARAM *ecdh_settable_ctx_params(void)
+const OSSL_PARAM *ecdh_settable_ctx_params(ossl_unused void *provctx)
{
return known_settable_ctx_params;
}
return 0;
p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_UKM);
- if (p != NULL && !OSSL_PARAM_set_octet_ptr(p, pectx->kdf_ukm, 0))
- return 0;
-
- p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_UKM_LEN);
- if (p != NULL && !OSSL_PARAM_set_size_t(p, pectx->kdf_ukmlen))
+ if (p != NULL &&
+ !OSSL_PARAM_set_octet_ptr(p, pectx->kdf_ukm, pectx->kdf_ukmlen))
return 0;
return 1;
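Review bot: The UKM getter now reports the length through the octet pointer itself, but nothing at the call says that `OSSL_PARAM_set_octet_ptr` hands out `pectx->kdf_ukm` by reference rather than copying it. A comment above the call, for example `/* returns a pointer into ctx-owned memory; valid only until the UKM is replaced or the ctx is freed */`, would warn callers against keeping it past the context's lifetime; ownership of `kdf_ukm` is assumed here, since the free path is outside this hunk. As a style point, the trailing `&&` on the `if (p != NULL &&` line differs from the leading `||` layout the same change uses in `ecdh_init`.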
OSSL_PARAM_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, NULL),
OSSL_PARAM_DEFN(OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR,
NULL, 0),
- OSSL_PARAM_size_t(OSSL_EXCHANGE_PARAM_KDF_UKM_LEN, NULL),
OSSL_PARAM_END
};
static
-const OSSL_PARAM *ecdh_gettable_ctx_params(void)
+const OSSL_PARAM *ecdh_gettable_ctx_params(ossl_unused void *provctx)
{
return known_gettable_ctx_params;
}
stmp, stmplen,
pecdhctx->kdf_ukm,
pecdhctx->kdf_ukmlen,
- pecdhctx->kdf_md))
+ pecdhctx->kdf_md,
+ pecdhctx->libctx, NULL))
goto err;
*psecretlen = pecdhctx->kdf_outlen;
ret = 1;
return ecdh_plain_derive(vpecdhctx, secret, psecretlen, outlen);
case PROV_ECDH_KDF_X9_63:
return ecdh_X9_63_kdf_derive(vpecdhctx, secret, psecretlen, outlen);
+ default:
+ break;
}
-
return 0;
}
-
-
-const OSSL_DISPATCH ecdh_keyexch_functions[] = {
+const OSSL_DISPATCH ecossl_dh_keyexch_functions[] = {
{ OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))ecdh_newctx },
{ OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))ecdh_init },
{ OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))ecdh_derive },
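Review bot: The new table name `ecossl_dh_keyexch_functions` reads like a mechanical substitution of `ossl_dh_` for `dh_` applied inside `ecdh_`, rather than a deliberate prefix. If the intent was to namespace the provider tables, `ossl_ecdh_keyexch_functions` would be the consistent spelling; either way the name has to match the extern declaration in `prov/implementations.h`, which this diff does not show. The dispatch table continues past the end of the hunk.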