



OpenSSL: openssl/ CHANGES openssl/apps/ apps.h dgst.c genpkey.c ...
2007-04-11 12:20:41
  OpenSSL CVS Repository
  http://cvs.openssl.org/
 
____________________________________________________________
________________

  Server: cvs.openssl.org                  Name:   Dr.
Stephen Henson
  Root:   /v/openssl/cvs                   Email:  steveopenssl.org
  Module: openssl                          Date:  
11-Apr-2007 19:20:40
  Branch: HEAD                             Handle:
2007041118203604

  Modified files:
    openssl                 CHANGES
    openssl/apps            apps.h dgst.c genpkey.c
    openssl/crypto/evp      evp.h pmeth_gn.c

  Log:
    New -mac and -macopt options to dgst utility.
Reimplement -hmac option in
    terms of new API.

  Summary:
    Revision    Changes     Path
    1.1378      +2  -1      openssl/CHANGES
    1.79        +2  -0      openssl/apps/apps.h
    1.42        +72 -26     openssl/apps/dgst.c
    1.10        +2  -4      openssl/apps/genpkey.c
    1.172       +3  -0      openssl/crypto/evp/evp.h
    1.4         +21 -0      openssl/crypto/evp/pmeth_gn.c
 
____________________________________________________________
________________

  patch -p0 <<' .'
  Index: openssl/CHANGES
 
============================================================
================
  $ cvs diff -u -r1.1377 -r1.1378 CHANGES
  --- openssl/CHANGES	11 Apr 2007 12:33:28 -0000	1.1377
  +++ openssl/CHANGES	11 Apr 2007 17:20:36 -0000	1.1378
   -7,7 +7,8 
     *) Experimental support for use of HMAC via EVP_PKEY
interface. This
        allows HMAC to be handled via the EVP_DigestSign*()
interface. The
        EVP_PKEY "key" in this case is the HMAC
key, potentially allowing
  -     ENGINE support for HMAC keys which are
unextractable.
  +     ENGINE support for HMAC keys which are
unextractable. New -mac and
  +     -macopt options to dgst utility.
        [Steve Henson]
   
     *) New option -sigopt to dgst utility. Update dgst to
use
   .
  patch -p0 <<' .'
  Index: openssl/apps/apps.h
 
============================================================
================
  $ cvs diff -u -r1.78 -r1.79 apps.h
  --- openssl/apps/apps.h	17 Apr 2006 12:22:13 -0000	1.78
  +++ openssl/apps/apps.h	11 Apr 2007 17:20:38 -0000	1.79
   -294,6 +294,8 
   void policies_print(BIO *out, X509_STORE_CTX *ctx);
   int bio_to_mem(unsigned char **out, int maxlen, BIO
*in);
   int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
  +int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
  +			const char *algname, ENGINE *e, int do_param);
   
   #define FORMAT_UNDEF    0
   #define FORMAT_ASN1     1
   .
  patch -p0 <<' .'
  Index: openssl/apps/dgst.c
 
============================================================
================
  $ cvs diff -u -r1.41 -r1.42 dgst.c
  --- openssl/apps/dgst.c	8 Apr 2007 12:47:18 -0000	1.41
  +++ openssl/apps/dgst.c	11 Apr 2007 17:20:38 -0000	1.42
   -76,7 +76,7 
   
   int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep,
int binout,
   	  EVP_PKEY *key, unsigned char *sigin, int siglen, const
char *title,
  -	  const char *file,BIO *bmd,const char *hmac_key);
  +	  const char *file,BIO *bmd);
   
   int MAIN(int, char **);
   
   -106,7 +106,8 
   	char *engine=NULL;
   #endif
   	char *hmac_key=NULL;
  -	STACK *sigopts = NULL;
  +	char *mac_name=NULL;
  +	STACK *sigopts = NULL, *macopts = NULL;
   
   	apps_startup();
   
   -198,6 +199,12 
   				break;
   			hmac_key=*++argv;
   			}
  +		else if (!strcmp(*argv,"-mac"))
  +			{
  +			if (--argc < 1)
  +				break;
  +			mac_name=*++argv;
  +			}
   		else if (strcmp(*argv,"-sigopt") == 0)
   			{
   			if (--argc < 1)
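Review bot: The `-mac` branch added here, and the `-macopt` branch in the next hunk, are not matched by any usage-text change in the dgst.c hunks of this commit, so both options stay undocumented in the tool's own help output. Add one usage line per option wherever the existing `-hmac` help line is printed, for example `BIO_printf(bio_err,"-mac alg        create MAC using algorithm alg\n");`. As a style point, this branch tests `!strcmp(*argv,"-mac")` while the neighbouring `-sigopt` and `-macopt` branches use `strcmp(...) == 0`; use one form throughout. The option loop begins and ends outside the hunk.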
   -207,6 +214,15 
   			if (!sigopts || !sk_push(sigopts, *(++argv)))
   				break;
   			}
  +		else if (strcmp(*argv,"-macopt") == 0)
  +			{
  +			if (--argc < 1)
  +				break;
  +			if (!macopts)
  +				macopts = sk_new_null();
  +			if (!macopts || !sk_push(macopts, *(++argv)))
  +				break;
  +			}
   		else if ((m=EVP_get_digestbyname(&((*argv)[1]))) !=
NULL)
   			md=m;
   		else
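Review bot: `-macopt` values are pushed onto `macopts` straight from argv, so any MAC key supplied this way (presumably the intended route, since `-mac` takes only an algorithm name) is exposed in the process list and shell history, just as the `-hmac` key is. Say so in the option's documentation and consider a follow-up that can read the key from a file or the environment. The ownership rule also deserves a comment at the `sk_push` call: `/* macopts stores pointers into argv; entries are not copied, so only the stack itself is freed */`, which matches the `sk_free(macopts)` added at the end of MAIN.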
   -326,6 +342,11 
   		ERR_print_errors(bio_err);
   		goto end;
   	}
  +	if ((!!mac_name + !!keyfile + !!hmac_key) > 1)
  +		{
  +		BIO_printf(bio_err, "MAC and Signing key cannot
both be specifiedn");
  +		goto end;
  +		}
   
   	if(keyfile)
   		{
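Review bot: The exclusivity test counts `mac_name`, `keyfile` and `hmac_key` but not `macopts`, and `macopts` is read only inside `if (mac_name)` in the following hunk, so `-macopt` given without `-mac` (for instance together with `-hmac` or a signing key) is silently ignored. Reject that combination next to this check: `if (macopts && !mac_name) { BIO_printf(bio_err, "-macopt requires -mac\n"); goto end; }`. The message "MAC and Signing key cannot both be specified" is also misleading when the conflict is between `-mac` and `-hmac`, which this condition covers too.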
   -343,6 +364,50 
   			}
   		}
   
  +	if (mac_name)
  +		{
  +		EVP_PKEY_CTX *mac_ctx = NULL;
  +		int r = 0;
  +		if (!init_gen_str(bio_err, &mac_ctx, mac_name,e,
0))
  +			goto mac_end;
  +		if (macopts)
  +			{
  +			char *macopt;
  +			for (i = 0; i < sk_num(macopts); i++)
  +				{
  +				macopt = sk_value(macopts, i);
  +				if (pkey_ctrl_string(mac_ctx, macopt) <= 0)
  +					{
  +					BIO_printf(bio_err,
  +						"MAC parameter error
"%s"n",
  +						macopt);
  +					ERR_print_errors(bio_err);
  +					goto mac_end;
  +					}
  +				}
  +			}
  +		if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0)
  +			{
  +			BIO_puts(bio_err, "Error generating
keyn");
  +			ERR_print_errors(bio_err);
  +			goto mac_end;
  +			}
  +		r = 1;
  +		mac_end:
  +		if (mac_ctx)
  +			EVP_PKEY_CTX_free(mac_ctx);
  +		if (r == 0)
  +			goto end;
  +		}
  +
  +	if (hmac_key)
  +		{
  +		sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e,
  +					(unsigned char *)hmac_key, -1);
  +		if (!sigkey)
  +			goto end;
  +		}
  +
   	if (sigkey)
   		{
   		EVP_MD_CTX *mctx = NULL;
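Review bot: In the new `if (hmac_key)` block a NULL return from `EVP_PKEY_new_mac_key` goes to `end` without any output, whereas the `mac_name` block just above prints a message and calls `ERR_print_errors` on every failure. Report the failure the same way before the jump: `BIO_puts(bio_err, "Error creating HMAC key\n"); ERR_print_errors(bio_err);`. The length argument `-1` replaces the `strlen(hmac_key)` of the removed code, so a short comment such as `/* -1: key is the NUL-terminated -hmac argument */` would record that assumption at the call site. MAIN starts and ends outside this hunk.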
   -410,7 +475,7 
   		{
   		BIO_set_fp(in,stdin,BIO_NOCLOSE);
   		err=do_fp(out, buf,inp,separator, out_bin, sigkey,
sigbuf,
  -			 
siglen,"","(stdin)",bmd,hmac_key);
  +			  siglen,"","(stdin)",bmd);
   		}
   	else
   		{
   -436,7 +501,7 
   			else
   				tmp="";
   			r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
  -				siglen,tmp,argv[i],bmd,hmac_key);
  +				siglen,tmp,argv[i],bmd);
   			if(r)
   			    err=r;
   			if(tofree)
   -457,6 +522,8 
   	EVP_PKEY_free(sigkey);
   	if (sigopts)
   		sk_free(sigopts);
  +	if (macopts)
  +		sk_free(macopts);
   	if(sigbuf) OPENSSL_free(sigbuf);
   	if (bmd != NULL) BIO_free(bmd);
   	apps_shutdown();
   -465,23 +532,11 
   
   int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep,
int binout,
   	  EVP_PKEY *key, unsigned char *sigin, int siglen, const
char *title,
  -	  const char *file,BIO *bmd,const char *hmac_key)
  +	  const char *file,BIO *bmd)
   	{
   	unsigned int len;
   	int i;
  -	EVP_MD_CTX *md_ctx;
  -	HMAC_CTX hmac_ctx;
   
  -	if (hmac_key)
  -		{
  -		EVP_MD *md;
  -
  -		BIO_get_md(bmd,&md);
  -		HMAC_CTX_init(&hmac_ctx);
 
-		HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md,
NULL);
  -		BIO_get_md_ctx(bmd,&md_ctx);
  -		BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx);
  -		}
   	for (;;)
   		{
   		i=BIO_read(bp,(char *)buf,BUFSIZE);
   -524,11 +579,6 
   			return 1;
   			}
   		}
  -	else if(hmac_key)
  -		{
  -		HMAC_Final(&hmac_ctx,buf,&len);
  -		HMAC_CTX_cleanup(&hmac_ctx);
  -		}
   	else
   		len=BIO_gets(bp,(char *)buf,BUFSIZE);
   
   -544,10 +594,6 
   			}
   		BIO_printf(out, "n");
   		}
  -	if (hmac_key)
  -		{
  -		BIO_set_md_ctx(bmd,md_ctx);
  -		}
   	return 0;
   	}
   
   .
  patch -p0 <<' .'
  Index: openssl/apps/genpkey.c
 
============================================================
================
  $ cvs diff -u -r1.9 -r1.10 genpkey.c
  --- openssl/apps/genpkey.c	12 Jul 2006 18:00:20 -0000	1.9
  +++ openssl/apps/genpkey.c	11 Apr 2007 17:20:38
-0000	1.10
   -67,8 +67,6 
   
   static int init_keygen_file(BIO *err, EVP_PKEY_CTX
**pctx,
   				const char *file, ENGINE *e);
  -static int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
  -				const char *algname, ENGINE *e, int do_param);
   static int genpkey_cb(EVP_PKEY_CTX *ctx);
   
   #define PROG genpkey_main
   -362,8 +360,8 
   
   	}
   
  -static int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
  -				const char *algname, ENGINE *e, int do_param)
  +int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
  +			const char *algname, ENGINE *e, int do_param)
   	{
   	EVP_PKEY_CTX *ctx = NULL;
   	const EVP_PKEY_ASN1_METHOD *ameth;
   .
  patch -p0 <<' .'
  Index: openssl/crypto/evp/evp.h
 
============================================================
================
  $ cvs diff -u -r1.171 -r1.172 evp.h
  --- openssl/crypto/evp/evp.h	11 Apr 2007 12:32:57
-0000	1.171
  +++ openssl/crypto/evp/evp.h	11 Apr 2007 17:20:39
-0000	1.172
   -1027,6 +1027,9 
   int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx);
   void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int
*dat, int datlen);
   
  +EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
  +				unsigned char *key, int keylen);
  +
   void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void
*data);
   void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
   EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx);
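Review bot: The new public prototype takes `unsigned char *key`, although the definition added in pmeth_gn.c only forwards the pointer to `EVP_PKEY_CTX_ctrl` and never writes through it. Declaring it `const unsigned char *key` here and in pmeth_gn.c would document that the caller's key buffer is not modified; the ctrl call would then presumably need an internal cast. The declaration also carries no comment; one line above it should state what `keylen` means and who owns the returned `EVP_PKEY`.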
   .
  patch -p0 <<' .'
  Index: openssl/crypto/evp/pmeth_gn.c
 
============================================================
================
  $ cvs diff -u -r1.3 -r1.4 pmeth_gn.c
  --- openssl/crypto/evp/pmeth_gn.c	31 May 2006 17:34:14
-0000	1.3
  +++ openssl/crypto/evp/pmeth_gn.c	11 Apr 2007 17:20:40
-0000	1.4
   -196,3 +196,24 
   		return 0;
   	return ctx->keygen_info[idx];
   	}
  +
  +EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
  +				unsigned char *key, int keylen)
  +	{
  +	EVP_PKEY_CTX *mac_ctx = NULL;
  +	EVP_PKEY *mac_key = NULL;
  +	mac_ctx = EVP_PKEY_CTX_new_id(type, e);
  +	if (!mac_ctx)
  +		return NULL;
  +	if (EVP_PKEY_keygen_init(mac_ctx) <= 0)
  +		goto merr;
  +	if (EVP_PKEY_CTX_ctrl(mac_ctx, -1, EVP_PKEY_OP_KEYGEN,
  +				EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key) <= 0)
  +		goto merr;
  +	if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0)
  +		goto merr;
  +	merr:
  +	if (mac_ctx)
  +		EVP_PKEY_CTX_free(mac_ctx);
  +	return mac_key;
  +	}
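Review bot: `keylen` is handed to the `EVP_PKEY_CTRL_SET_MAC_KEY` control without any check, and dgst.c in this commit passes `-1` where the removed code passed `strlen(hmac_key)`; what a negative length means is decided by a handler that is not part of this diff. Put the contract in a comment above the function, e.g. `/* keylen: key length in bytes; -1 is presumably "key is NUL-terminated" (confirm against the SET_MAC_KEY handler) */`, and reject out-of-contract values up front with `if (keylen < -1) return NULL;`. The `goto merr` immediately before the `merr:` label and the `if (mac_ctx)` test after it are both redundant, since `mac_ctx` is known to be non-NULL at that point.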
   .
____________________________________________________________
__________
OpenSSL Project                                 http://www.openssl.org
CVS Repository Commit List                    
openssl-cvsopenssl.org
Automated List Manager                          
majordomoopenssl.org
