diff options
author | Eduardo Chappa <chappa@washington.edu> | 2020-01-04 20:08:32 -0700 |
---|---|---|
committer | Eduardo Chappa <chappa@washington.edu> | 2020-01-04 20:08:32 -0700 |
commit | f398f615b6df385aec2b3553310cc237b29e068a (patch) | |
tree | 5af79c6a9a180c72c58a9d9cd2d79a1d7657d152 /libressl/include/openssl/ec.h | |
parent | 77191bf3e4e049603fb6a0547876259c29c71dbd (diff) | |
download | alpine-f398f615b6df385aec2b3553310cc237b29e068a.tar.xz |
* The feature that stopped alpine from saving passwords in the password
file prevented users from actually saving their passwords in Windows
and MAC OS. Fix the code so that passwords will be saved. Also,
update the documentation of this feature.
* Fix a buffer overflow bug in the XOAUTH2 code (off by one error).
* Update PC-Alpine to work with Libressl version 3.0.2 instead of
version 2.5.5 (update build.bat and lib files from the LibreSSL
build).
* Erase SSLXXXXXX file.
* ssl_nt.c actually directs the code to ssl_libressl.c or ssl_win.c.
The file ssl_libressl.c is the file ssl_unix.c from the unix osdep
directory. The file ssl_win.c is the native SSL windows code. The
Unix side provides S/MIME support for Alpine and the latest
encryption protocols support for Alpine when connecting to a secure
server, while the windows side provide TLSv1_3 support for Alpine,
but not S/MIME support.
In order to provide unix code for TLSv1_3 (once LibreSSL supports it)
edit the file os_nt.c and remove the comments on the #ifdef section.
This would provide both TLSv1_3 and S/MIME support with unix code. On
the other hand, when we provide TLSv1_3 with the Windows code we need
to undefine DF_ENCRYPTION_RANGE, and this is done in the file
include/config.wnt.h. The way this is done as of this moment is by
commenting an #else directive that preceedes this #undefine.
* Update makefile.nt and friends in the windows side to account for the
addition of XOAUTH2, and the use of only ssl_nt.c when dealing with
Alpine.
* Define SMIME_SSLCERTS as c:\libressl\ssl\certs, so that these
certificates be considered while checking a digital S/MIME signature.
* Improvements to the SMARTTIME24 token to account for changes in year.
Diffstat (limited to 'libressl/include/openssl/ec.h')
-rw-r--r-- | libressl/include/openssl/ec.h | 142 |
1 files changed, 136 insertions, 6 deletions
diff --git a/libressl/include/openssl/ec.h b/libressl/include/openssl/ec.h index dc70cfa6..a95d99f6 100644 --- a/libressl/include/openssl/ec.h +++ b/libressl/include/openssl/ec.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ec.h,v 1.12 2016/11/04 17:33:19 miod Exp $ */ +/* $OpenBSD: ec.h,v 1.18 2019/09/29 10:09:09 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -97,7 +97,7 @@ extern "C" { #ifndef OPENSSL_ECC_MAX_FIELD_BITS -# define OPENSSL_ECC_MAX_FIELD_BITS 661 +#define OPENSSL_ECC_MAX_FIELD_BITS 661 #endif /** Enum for the point conversion form as defined in X9.62 (ECDSA) @@ -705,6 +705,7 @@ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); /********************************************************************/ typedef struct ec_key_st EC_KEY; +typedef struct ec_key_method_st EC_KEY_METHOD; /* some values for the encoding_flag */ #define EC_PKEY_NO_PARAMETERS 0x001 @@ -713,6 +714,7 @@ typedef struct ec_key_st EC_KEY; /* some values for the flags field */ #define EC_FLAG_NON_FIPS_ALLOW 0x1 #define EC_FLAG_FIPS_CHECKED 0x2 +#define EC_FLAG_COFACTOR_ECDH 0x1000 /** Creates a new EC_KEY object. * \return EC_KEY object or NULL if an error occurred. @@ -911,7 +913,7 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); * of bytes needed). * \return 1 on success and 0 if an error occurred */ -int i2o_ECPublicKey(EC_KEY *key, unsigned char **out); +int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out); #ifndef OPENSSL_NO_BIO /** Prints out the ec parameters on human readable form. @@ -945,6 +947,44 @@ int ECParameters_print_fp(FILE *fp, const EC_KEY *key); */ int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); +#define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef) +int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg); +void *EC_KEY_get_ex_data(const EC_KEY *key, int idx); + +const EC_KEY_METHOD *EC_KEY_OpenSSL(void); +const EC_KEY_METHOD *EC_KEY_get_default_method(void); +void EC_KEY_set_default_method(const EC_KEY_METHOD *meth); +const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); +int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); +EC_KEY *EC_KEY_new_method(ENGINE *engine); +EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth); +void EC_KEY_METHOD_free(EC_KEY_METHOD *meth); +void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth, + int (*init)(EC_KEY *key), + void (*finish)(EC_KEY *key), + int (*copy)(EC_KEY *dest, const EC_KEY *src), + int (*set_group)(EC_KEY *key, const EC_GROUP *grp), + int (*set_private)(EC_KEY *key, const BIGNUM *priv_key), + int (*set_public)(EC_KEY *key, const EC_POINT *pub_key)); +void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, + int (*keygen)(EC_KEY *key)); +void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth, + int (*ckey)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen))); +void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth, + int (**pinit)(EC_KEY *key), + void (**pfinish)(EC_KEY *key), + int (**pcopy)(EC_KEY *dest, const EC_KEY *src), + int (**pset_group)(EC_KEY *key, const EC_GROUP *grp), + int (**pset_private)(EC_KEY *key, const BIGNUM *priv_key), + int (**pset_public)(EC_KEY *key, const EC_POINT *pub_key)); +void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth, + int (**pkeygen)(EC_KEY *key)); +void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth, + int (**pck)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen))); + EC_KEY *ECParameters_dup(EC_KEY *key); #ifndef __cplusplus @@ -956,11 +996,96 @@ EC_KEY *ECParameters_dup(EC_KEY *key); #endif #define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN, \ - EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) - + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) + +#define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL) + +#define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, flag, NULL) + +#define EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL) + +#define EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, kdf) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL) + +#define EVP_PKEY_CTX_get_ecdh_kdf_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL) + +#define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md)) + +#define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd)) + +#define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_OUTLEN, len, NULL) + +#define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, \ + (void *)(plen)) + +#define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)(p)) + +#define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)(p)) + +/* SM2 will skip the operation check so no need to pass operation here */ +#define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id)) + +#define EVP_PKEY_CTX_get1_id(ctx, id) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id)) + +#define EVP_PKEY_CTX_get1_id_len(ctx, id_len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)(id_len)) #define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2) +#define EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3) +#define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4) +#define EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5) +#define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6) +#define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7) +#define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8) +#define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9) +#define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10) +#define EVP_PKEY_CTRL_SET1_ID (EVP_PKEY_ALG_CTRL + 11) +#define EVP_PKEY_CTRL_GET1_ID (EVP_PKEY_ALG_CTRL + 12) +#define EVP_PKEY_CTRL_GET1_ID_LEN (EVP_PKEY_ALG_CTRL + 13) + +/* KDF types */ +#define EVP_PKEY_ECDH_KDF_NONE 1 +#define EVP_PKEY_ECDH_KDF_X9_63 2 /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -1133,6 +1258,7 @@ void ERR_load_EC_strings(void); #define EC_R_INVALID_COMPRESSED_POINT 110 #define EC_R_INVALID_COMPRESSION_BIT 109 #define EC_R_INVALID_CURVE 141 +#define EC_R_INVALID_DIGEST 151 #define EC_R_INVALID_DIGEST_TYPE 138 #define EC_R_INVALID_ENCODING 102 #define EC_R_INVALID_FIELD 103 @@ -1141,6 +1267,7 @@ void ERR_load_EC_strings(void); #define EC_R_INVALID_PENTANOMIAL_BASIS 132 #define EC_R_INVALID_PRIVATE_KEY 123 #define EC_R_INVALID_TRINOMIAL_BASIS 137 +#define EC_R_KDF_PARAMETER_ERROR 148 #define EC_R_KEYS_NOT_SET 140 #define EC_R_MISSING_PARAMETERS 124 #define EC_R_MISSING_PRIVATE_KEY 125 @@ -1151,12 +1278,15 @@ void ERR_load_EC_strings(void); #define EC_R_NO_FIELD_MOD 133 #define EC_R_NO_PARAMETERS_SET 139 #define EC_R_PASSED_NULL_PARAMETER 134 +#define EC_R_PEER_KEY_ERROR 149 #define EC_R_PKPARAMETERS2GROUP_FAILURE 127 #define EC_R_POINT_AT_INFINITY 106 #define EC_R_POINT_IS_NOT_ON_CURVE 107 +#define EC_R_SHARED_INFO_ERROR 150 #define EC_R_SLOT_FULL 108 #define EC_R_UNDEFINED_GENERATOR 113 #define EC_R_UNDEFINED_ORDER 128 +#define EC_R_UNKNOWN_COFACTOR 164 #define EC_R_UNKNOWN_GROUP 129 #define EC_R_UNKNOWN_ORDER 114 #define EC_R_UNSUPPORTED_FIELD 131 |