Add back support for EVP_PKEY_HMAC #1324
Conversation
samuel40791765
force-pushed
the
evp-pkey-hmac
branch
2 times, most recently
from
d63dd27 to
99c9474
Compare
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #1324 +/- ##
========================================
Coverage 76.78% 76.79%
========================================
Files 422 424 +2
Lines 71267 71392 +125
========================================
+ Hits 54725 54826 +101
- Misses 16542 16566 +24 ☔ View full report in Codecov by Sentry. |
samuel40791765
force-pushed
the
evp-pkey-hmac
branch
from
500d369 to
a8f1c87
Compare
|
Bind9 consumes |
samuel40791765
force-pushed
the
evp-pkey-hmac
branch
4 times, most recently
from
b460815 to
3f92262
Compare
samuel40791765
force-pushed
the
evp-pkey-hmac
branch
3 times, most recently
from
3486667 to
75caba2
Compare
crypto/fipsmodule/evp/digestsign.c
Outdated
| return 0; | ||
| if (pkey->type == EVP_PKEY_HMAC) { | ||
| // |ctx->update| gets repurposed as a hook to call |HMAC_Update|. | ||
| // |ctx->update| is normally copied from |mctx->digest->update|, but |
There was a problem hiding this comment.
What is mctx? or was it supposed to be pctx?
There was a problem hiding this comment.
I forgot to update this, it's ctx->digest->update from the same structure.
| } | ||
| return 1; | ||
| } | ||
|
|
||
| ctx->digest->init(ctx); |
There was a problem hiding this comment.
Is this still required in the case of used_for_hmac(ctx)?
There was a problem hiding this comment.
No, it's the original EVP_Digest digest code path. HMAC specific logic is contained within used_for_hmac
crypto/fipsmodule/evp/evp.c
Outdated
| // HMAC keys aren't absolutely required for HMAC operations, but the | ||
| // combination below isn't allowed. |
There was a problem hiding this comment.
| // HMAC keys aren't absolutely required for HMAC operations, but the | |
| // combination below isn't allowed. | |
| // HMAC keys aren't absolutely required for HMAC operations (can be NULL), | |
| // but in that case, their length must be zero. |
There was a problem hiding this comment.
Also added this to the API documentation
|
Should the PR description reflect that the difference in design from the original brought-back commit? |
| } | ||
| return 1; | ||
| } | ||
|
|
||
| ctx->digest->init(ctx); |
There was a problem hiding this comment.
No, it's the original EVP_Digest digest code path. HMAC specific logic is contained within used_for_hmac
crypto/fipsmodule/evp/digestsign.c
Outdated
| return 0; | ||
| if (pkey->type == EVP_PKEY_HMAC) { | ||
| // |ctx->update| gets repurposed as a hook to call |HMAC_Update|. | ||
| // |ctx->update| is normally copied from |mctx->digest->update|, but |
There was a problem hiding this comment.
I forgot to update this, it's ctx->digest->update from the same structure.
crypto/fipsmodule/evp/evp.c
Outdated
| // HMAC keys aren't absolutely required for HMAC operations, but the | ||
| // combination below isn't allowed. |
There was a problem hiding this comment.
Also added this to the API documentation
samuel40791765
force-pushed
the
evp-pkey-hmac
branch
from
f1cfc5f to
a32e47c
Compare
| @@ -130,7 +144,7 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, | |||
| } | |||
|
|
|||
There was a problem hiding this comment.
Need to bail early for these functions if called with an HMAC type pkey?
- EVP_DigestVerifyFinal
- EVP_DigestVerify
There was a problem hiding this comment.
Nice detail, I've added an additional HMACTest.EVP_DigestVerify test to verify that the emitted error codes are what we want.
I was about to add some checks to bail early, but I noticed that the consistent behavior of the APIs was to bail if either verify or verify_message wasn't defined as a EVP_PKEY_METHOD (which is the case for HMAC here). In that case, should we still add the additional HMAC specific logic here? But, no strong opinions either way.
There was a problem hiding this comment.
Added 984fccc per our discussion :)
samuel40791765
force-pushed
the
evp-pkey-hmac
branch
from
e49b791 to
eb28388
Compare
include/openssl/digest.h
Outdated
| // 1. Set flag |EVP_MD_CTX_FLAG_KEEP_PKEY_CTX|, so as to let |*pctx| refrain | ||
| // from being freed when |*pctx| was set externally with | ||
| // |EVP_MD_CTX_set_pkey_ctx|. | ||
| // 2. Set flag |EVP_MD_CTX_FLAG_NO_INIT| for |EVP_PKEY_HMAC|. |
There was a problem hiding this comment.
The comment mentions constant EVP_MD_CTX_FLAG_NO_INIT, but the code checks for EVP_MD_CTX_HMAC. Could it be that EVP_MD_CTX_FLAG_NO_INIT is deprecated? Maybe the comment needs to be updated?
There was a problem hiding this comment.
Yes it should be EVP_MD_CTX_HMAC I'll change this rn
samuel40791765
dismissed stale reviews from torben-hansen and andrewhop
via
6df1d67
samuel40791765
force-pushed
the
evp-pkey-hmac
branch
from
6df1d67 to
cbb2d32
Compare
samuel40791765
force-pushed
the
evp-pkey-hmac
branch
2 times, most recently
from
73f3740 to
0ffe09c
Compare
samuel40791765
force-pushed
the
evp-pkey-hmac
branch
from
0ffe09c to
52ea5f9
Compare
Some legacy libraries still depend on `EVP_PKEY_HMAC` unfortunately, so we're adding back support. OpenSSL 3.0 hasn't deprecated support for this either, so we still need to support this for the SHIM layer long term. Much of logic was reapplied from the [original commit removal] (https://github.com/google/boringssl/commit/ 65ee9b7), but I've cleaned up some unneeded branching logic to makes things more straight forward. We've also made modifications to remove the need for additional `EVP_PKEY` function pointers and `ctrl` logic. Since HMAC needs to be specially handled in many of the `EVP_DigestSign*` APIs, the additional function pointers make much less sense. We can just directly make calls to `HMAC_CTX` without the `EVP_PKEY_METHOD` redirections.
Issues:
Resolves
CryptoAlg-1704Description of changes:
Some legacy libraries still depend on
EVP_PKEY_HMACunfortunately, so we're adding back support. OpenSSL 3.0 hasn't deprecated support for this either, so we still need to support this for the SHIM layer long term. Much of logic was reapplied from the original commit removal, but I've cleaned some unneeded branching logic to makes things more straight forward.The original
EVP_PKEY_HMACcode from OpenSSL 1.1.1 exists in these two files:The code has remained relatively untouched since the removal in BoringSSL.
We've also made modifications to remove the need for additional
EVP_PKEYfunction pointers andctrllogic. Since HMAC needs to be specially handled in many of theEVP_DigestSign*APIs, the additional function pointers make much less sense. We can just directly make calls toHMAC_CTXwithout theEVP_PKEY_METHODredirections.Call-outs:
EVP_PKEY_HMACand add follow up comments for service indicator adjustmentsEVP_PKEY_CTX_dupwithEVP_PKEY_HMACTesting:
New tests
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.