From 9f25263f6d3645e1c2381f3d80a312b59f7e44d0 Mon Sep 17 00:00:00 2001 From: liumegan Date: Tue, 5 Aug 2025 01:42:54 +0000 Subject: [PATCH 1/6] Fix DHE-RSA-AES256-GCM-SHA384 internal error --- ScosslCommon/src/scossl_dh.c | 2 +- .../src/keymgmt/p_scossl_dh_keymgmt.c | 20 +++++++++++-------- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/ScosslCommon/src/scossl_dh.c b/ScosslCommon/src/scossl_dh.c index d31c4837..f972c54a 100644 --- a/ScosslCommon/src/scossl_dh.c +++ b/ScosslCommon/src/scossl_dh.c @@ -308,7 +308,7 @@ SCOSSL_STATUS scossl_dh_generate_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, } } - scError = SymCryptDlkeyGenerate(SYMCRYPT_FLAG_DLKEY_DH, ctx->dlkey); + scError = SymCryptDlkeyGenerate(SYMCRYPT_FLAG_DLKEY_DH | SYMCRYPT_FLAG_DLKEY_GEN_MODP | SYMCRYPT_FLAG_KEY_NO_FIPS, ctx->dlkey); if (scError != SYMCRYPT_NO_ERROR) { SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, diff --git a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c index b0dacb33..9902f43a 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c @@ -55,6 +55,9 @@ static const OSSL_PARAM p_scossl_dh_keygen_param_types[] = { OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_PBITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL), + OSSL_PARAM_size_t("dh_paramgen_prime_len", NULL), + OSSL_PARAM_size_t("dh_paramgen_subprime_len", NULL), + OSSL_PARAM_uint("dh_paramgen_generator", NULL), OSSL_PARAM_END}; // Import/export types @@ -86,6 +89,7 @@ static const OSSL_PARAM p_scossl_dh_keymgmt_gettable_param_types[] = { OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0), OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_Q, NULL, 0), OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0), @@ -519,8 +523,7 @@ static SCOSSL_DH_KEYGEN_CTX *p_scossl_dh_keygen_init(_In_ SCOSSL_PROVCTX *provCt static SCOSSL_STATUS p_scossl_dh_keygen_set_template(_Inout_ SCOSSL_DH_KEYGEN_CTX *genCtx, _In_ SCOSSL_PROV_DH_KEY_CTX *tmplCtx) { if (genCtx == NULL || - tmplCtx == NULL || - tmplCtx->groupSetByParams) + tmplCtx == NULL) { return SCOSSL_FAILURE; } @@ -934,7 +937,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_params(_In_ SCOSSL_PROV_DH_KEY_CTX (pubKeyBits < 0 || !OSSL_PARAM_set_int(p, pubKeyBits))) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return SCOSSL_FAILURE; + return SCOSSL_SUCCESS; } if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL) @@ -944,7 +947,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_params(_In_ SCOSSL_PROV_DH_KEY_CTX !OSSL_PARAM_set_int(p, BN_security_bits(pubKeyBits, privKeyBits))) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return SCOSSL_FAILURE; + return SCOSSL_SUCCESS; } } @@ -952,14 +955,14 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_params(_In_ SCOSSL_PROV_DH_KEY_CTX (pubKeyBits < 0 || !OSSL_PARAM_set_int(p, pubKeyBits / 8))) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return SCOSSL_FAILURE; + return SCOSSL_SUCCESS; } if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DH_PRIV_LEN)) != NULL && (privKeyBits < 0 || !OSSL_PARAM_set_int(p, privKeyBits))) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return SCOSSL_FAILURE; + return SCOSSL_SUCCESS; } if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_GROUP_NAME)) != NULL) @@ -1226,7 +1229,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_import(_Inout_ SCOSSL_PROV_DH_KEY_CTX * ctx->pDlGroup = pDlGroup; ctx->groupSetByParams = groupSetByParams; ctx->nBitsPriv = nBitsPriv; - + ctx->keyCtx->initialized = TRUE; ret = SCOSSL_SUCCESS; cleanup: @@ -1257,7 +1260,8 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_export(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx { OSSL_PARAM_BLD *bld = NULL; OSSL_PARAM *params = NULL; - BOOL includePublic = (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0; + // Always export public key if key is initialized + BOOL includePublic = ctx->keyCtx->initialized; BOOL includePrivate = (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0; PBYTE pbPrimeP = NULL; PBYTE pbPrimeQ = NULL; From a645c73d3f8e1d60e8043cf15f73bfc1b7747793 Mon Sep 17 00:00:00 2001 From: liumegan Date: Tue, 5 Aug 2025 16:43:33 +0000 Subject: [PATCH 2/6] remove unnecessary change --- SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c index 9902f43a..2dc55e8a 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c @@ -89,7 +89,6 @@ static const OSSL_PARAM p_scossl_dh_keymgmt_gettable_param_types[] = { OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0), OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_Q, NULL, 0), OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0), @@ -937,7 +936,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_params(_In_ SCOSSL_PROV_DH_KEY_CTX (pubKeyBits < 0 || !OSSL_PARAM_set_int(p, pubKeyBits))) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return SCOSSL_SUCCESS; + return SCOSSL_FAILURE; } if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL) @@ -947,7 +946,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_params(_In_ SCOSSL_PROV_DH_KEY_CTX !OSSL_PARAM_set_int(p, BN_security_bits(pubKeyBits, privKeyBits))) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return SCOSSL_SUCCESS; + return SCOSSL_FAILURE; } } @@ -955,7 +954,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_params(_In_ SCOSSL_PROV_DH_KEY_CTX (pubKeyBits < 0 || !OSSL_PARAM_set_int(p, pubKeyBits / 8))) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return SCOSSL_SUCCESS; + return SCOSSL_FAILURE; } if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DH_PRIV_LEN)) != NULL && @@ -1229,7 +1228,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_import(_Inout_ SCOSSL_PROV_DH_KEY_CTX * ctx->pDlGroup = pDlGroup; ctx->groupSetByParams = groupSetByParams; ctx->nBitsPriv = nBitsPriv; - ctx->keyCtx->initialized = TRUE; + ret = SCOSSL_SUCCESS; cleanup: From 2968867c5d830fc72bd614f6a55d14e4049c54bb Mon Sep 17 00:00:00 2001 From: liumegan Date: Tue, 5 Aug 2025 16:47:52 +0000 Subject: [PATCH 3/6] remove one more unused change --- SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c index 2dc55e8a..66cc1ebe 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c @@ -961,7 +961,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_params(_In_ SCOSSL_PROV_DH_KEY_CTX (privKeyBits < 0 || !OSSL_PARAM_set_int(p, privKeyBits))) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return SCOSSL_SUCCESS; + return SCOSSL_FAILURE; } if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_GROUP_NAME)) != NULL) From f708c663901eb1d9ad87053202996b4a1701ea7b Mon Sep 17 00:00:00 2001 From: liumegan Date: Tue, 5 Aug 2025 16:53:44 +0000 Subject: [PATCH 4/6] remove one more unused --- SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c index 66cc1ebe..5d79d311 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c @@ -1260,7 +1260,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_export(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx OSSL_PARAM_BLD *bld = NULL; OSSL_PARAM *params = NULL; // Always export public key if key is initialized - BOOL includePublic = ctx->keyCtx->initialized; + BOOL includePublic = (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0;; BOOL includePrivate = (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0; PBYTE pbPrimeP = NULL; PBYTE pbPrimeQ = NULL; From 788cc095af504ed6604ed3e300f0b2c504d3ef42 Mon Sep 17 00:00:00 2001 From: liumegan Date: Tue, 5 Aug 2025 16:55:00 +0000 Subject: [PATCH 5/6] remove comments --- SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c | 1 - 1 file changed, 1 deletion(-) diff --git a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c index 5d79d311..be2ccba0 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c @@ -1259,7 +1259,6 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_export(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx { OSSL_PARAM_BLD *bld = NULL; OSSL_PARAM *params = NULL; - // Always export public key if key is initialized BOOL includePublic = (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0;; BOOL includePrivate = (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0; PBYTE pbPrimeP = NULL; From 8476b7490af419016bd8a383fd0dbc0ed0a78b20 Mon Sep 17 00:00:00 2001 From: liumegan Date: Tue, 5 Aug 2025 16:55:54 +0000 Subject: [PATCH 6/6] remove ; --- SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c index be2ccba0..3dd9356f 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c @@ -1259,7 +1259,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_export(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx { OSSL_PARAM_BLD *bld = NULL; OSSL_PARAM *params = NULL; - BOOL includePublic = (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0;; + BOOL includePublic = (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0; BOOL includePrivate = (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0; PBYTE pbPrimeP = NULL; PBYTE pbPrimeQ = NULL;