Update contrib/restricted/aws/s2n to 1.3.41

author: robot-contrib <robot-contrib@yandex-team.com> 2023-04-07 14:28:41 +0300
committer: robot-contrib <robot-contrib@yandex-team.com> 2023-04-07 14:28:41 +0300
commit: bebed7ab9b918d9bb64cc4d8ccf739be80fa1e4b (patch)
tree: 4cbf5baa5ce1d206c534a68bff66253bd35e4c73 /contrib/restricted/aws/s2n/pq-crypto
parent: bcaaf7514561a925d14b81a86b96b9ed80c16f33 (diff)
download: ydb-bebed7ab9b918d9bb64cc4d8ccf739be80fa1e4b.tar.gz
1 files changed, 21 insertions, 15 deletions
diff --git a/contrib/restricted/aws/s2n/pq-crypto/s2n_kyber_512_evp.c b/contrib/restricted/aws/s2n/pq-crypto/s2n_kyber_512_evp.c
index 3d8411d6de..7a389162ed 100644
--- a/contrib/restricted/aws/s2n/pq-crypto/s2n_kyber_512_evp.c
+++ b/contrib/restricted/aws/s2n/pq-crypto/s2n_kyber_512_evp.c
@@ -20,21 +20,27 @@
 
 #include "error/s2n_errno.h"
 #include "tls/s2n_kem.h"
+#include "utils/s2n_safety.h"
 #include "utils/s2n_safety_macros.h"
 
-#if defined(S2N_LIBCRYPTO_SUPPORTS_KYBER512)
-int s2n_kyber_512_evp_generate_keypair(uint8_t *public_key, uint8_t *private_key) {
-    EVP_PKEY_CTX *kyber_pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_KYBER512, NULL);
+#if defined(S2N_LIBCRYPTO_SUPPORTS_KYBER512) && !defined(S2N_NO_PQ)
+
+DEFINE_POINTER_CLEANUP_FUNC(EVP_PKEY *, EVP_PKEY_free);
+DEFINE_POINTER_CLEANUP_FUNC(EVP_PKEY_CTX *, EVP_PKEY_CTX_free);
+
+int s2n_kyber_512_evp_generate_keypair(uint8_t *public_key, uint8_t *secret_key) {
+    DEFER_CLEANUP(EVP_PKEY_CTX *kyber_pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_KEM, NULL), EVP_PKEY_CTX_free_pointer);
     POSIX_GUARD_PTR(kyber_pkey_ctx);
+    POSIX_GUARD_OSSL(EVP_PKEY_CTX_kem_set_params(kyber_pkey_ctx, NID_KYBER512_R3), S2N_ERR_PQ_CRYPTO);
     POSIX_GUARD_OSSL(EVP_PKEY_keygen_init(kyber_pkey_ctx), S2N_ERR_PQ_CRYPTO);
 
-    EVP_PKEY *kyber_pkey = NULL;
+    DEFER_CLEANUP(EVP_PKEY *kyber_pkey = NULL, EVP_PKEY_free_pointer);
     POSIX_GUARD_OSSL(EVP_PKEY_keygen(kyber_pkey_ctx, &kyber_pkey), S2N_ERR_PQ_CRYPTO);
 
     size_t public_key_size = S2N_KYBER_512_R3_PUBLIC_KEY_BYTES;
-    size_t private_key_size = S2N_KYBER_512_R3_SECRET_KEY_BYTES;
+    size_t secret_key_size = S2N_KYBER_512_R3_SECRET_KEY_BYTES;
     POSIX_GUARD_OSSL(EVP_PKEY_get_raw_public_key(kyber_pkey, public_key, &public_key_size), S2N_ERR_PQ_CRYPTO);
-    POSIX_GUARD_OSSL(EVP_PKEY_get_raw_private_key(kyber_pkey, private_key, &private_key_size), S2N_ERR_PQ_CRYPTO);
+    POSIX_GUARD_OSSL(EVP_PKEY_get_raw_private_key(kyber_pkey, secret_key, &secret_key_size), S2N_ERR_PQ_CRYPTO);
 
     return S2N_SUCCESS;
 }
@@ -42,10 +48,10 @@ int s2n_kyber_512_evp_generate_keypair(uint8_t *public_key, uint8_t *private_key
 int s2n_kyber_512_evp_encapsulate(uint8_t *ciphertext, uint8_t *shared_secret,
                                   const uint8_t *public_key) {
     size_t public_key_size = S2N_KYBER_512_R3_PUBLIC_KEY_BYTES;
-    EVP_PKEY *kyber_pkey = EVP_PKEY_new_raw_public_key(EVP_PKEY_KYBER512, NULL, public_key, public_key_size);
+    DEFER_CLEANUP(EVP_PKEY *kyber_pkey = EVP_PKEY_kem_new_raw_public_key(NID_KYBER512_R3, public_key, public_key_size), EVP_PKEY_free_pointer);
     POSIX_GUARD_PTR(kyber_pkey);
 
-    EVP_PKEY_CTX *kyber_pkey_ctx = EVP_PKEY_CTX_new(kyber_pkey, NULL);
+    DEFER_CLEANUP(EVP_PKEY_CTX *kyber_pkey_ctx = EVP_PKEY_CTX_new(kyber_pkey, NULL), EVP_PKEY_CTX_free_pointer);
     POSIX_GUARD_PTR(kyber_pkey_ctx);
 
     size_t cipher_text_size = S2N_KYBER_512_R3_CIPHERTEXT_BYTES;
@@ -56,21 +62,21 @@ int s2n_kyber_512_evp_encapsulate(uint8_t *ciphertext, uint8_t *shared_secret,
 }
 
 int s2n_kyber_512_evp_decapsulate(uint8_t *shared_secret, const uint8_t *ciphertext,
-                                  const uint8_t *private_key) {
-    size_t private_key_size = S2N_KYBER_512_R3_SECRET_KEY_BYTES;
-    EVP_PKEY *kyber_pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_KYBER512, NULL, private_key, private_key_size);
+                                  const uint8_t *secret_key) {
+    size_t secret_key_size = S2N_KYBER_512_R3_SECRET_KEY_BYTES;
+    DEFER_CLEANUP(EVP_PKEY *kyber_pkey = EVP_PKEY_kem_new_raw_secret_key(NID_KYBER512_R3, secret_key, secret_key_size), EVP_PKEY_free_pointer);
     POSIX_GUARD_PTR(kyber_pkey);
 
-    EVP_PKEY_CTX *kyber_pkey_ctx = EVP_PKEY_CTX_new(kyber_pkey, NULL);
+    DEFER_CLEANUP(EVP_PKEY_CTX *kyber_pkey_ctx = EVP_PKEY_CTX_new(kyber_pkey, NULL), EVP_PKEY_CTX_free_pointer);
     POSIX_GUARD_PTR(kyber_pkey_ctx);
 
     size_t shared_secret_size = S2N_KYBER_512_R3_SHARED_SECRET_BYTES;
     POSIX_GUARD_OSSL(EVP_PKEY_decapsulate(kyber_pkey_ctx, shared_secret, &shared_secret_size, (uint8_t *) ciphertext,
-                                      S2N_KYBER_512_R3_CIPHERTEXT_BYTES), S2N_ERR_PQ_CRYPTO);
+                                          S2N_KYBER_512_R3_CIPHERTEXT_BYTES), S2N_ERR_PQ_CRYPTO);
     return S2N_SUCCESS;
 }
 #else
-int s2n_kyber_512_evp_generate_keypair(OUT uint8_t *public_key, OUT uint8_t *private_key) {
+int s2n_kyber_512_evp_generate_keypair(OUT uint8_t *public_key, OUT uint8_t *secret_key) {
     POSIX_BAIL(S2N_ERR_UNIMPLEMENTED);
 }
 
@@ -80,7 +86,7 @@ int s2n_kyber_512_evp_encapsulate(OUT uint8_t *ciphertext, OUT uint8_t *shared_s
 }
 
 int s2n_kyber_512_evp_decapsulate(OUT uint8_t *shared_secret, IN const uint8_t *ciphertext,
-                                  IN const uint8_t *private_key) {
+                                  IN const uint8_t *secret_key) {
     POSIX_BAIL(S2N_ERR_UNIMPLEMENTED);
 }
 #endif
author	robot-contrib <robot-contrib@yandex-team.com>	2023-04-07 14:28:41 +0300
committer	robot-contrib <robot-contrib@yandex-team.com>	2023-04-07 14:28:41 +0300
commit	bebed7ab9b918d9bb64cc4d8ccf739be80fa1e4b (patch)
tree	4cbf5baa5ce1d206c534a68bff66253bd35e4c73 /contrib/restricted/aws/s2n/pq-crypto
parent	bcaaf7514561a925d14b81a86b96b9ed80c16f33 (diff)
download	ydb-bebed7ab9b918d9bb64cc4d8ccf739be80fa1e4b.tar.gz