From 971e589ad5e421fd4ac8720af57a1a01dae63f5e Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 16 Oct 2025 15:48:07 -0400 Subject: [PATCH] kdfs: Use include file for generated code Signed-off-by: Simo Sorce Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/28838) --- .gitignore | 28 ++--- build.info | 112 +++++++++--------- .../kdfs/{argon2.c.in => argon2.c} | 24 +--- providers/implementations/kdfs/argon2.inc.in | 31 +++++ .../kdfs/{hkdf.c.in => hkdf.c} | 63 +--------- providers/implementations/kdfs/hkdf.inc.in | 59 +++++++++ .../{hmacdrbg_kdf.c.in => hmacdrbg_kdf.c} | 17 +-- .../implementations/kdfs/hmacdrbg_kdf.inc.in | 25 ++++ .../kdfs/{kbkdf.c.in => kbkdf.c} | 27 +---- providers/implementations/kdfs/kbkdf.inc.in | 34 ++++++ .../kdfs/{krb5kdf.c.in => krb5kdf.c} | 17 +-- providers/implementations/kdfs/krb5kdf.inc.in | 24 ++++ .../kdfs/{pbkdf1.c.in => pbkdf1.c} | 17 +-- providers/implementations/kdfs/pbkdf1.inc.in | 25 ++++ .../kdfs/{pbkdf2.c.in => pbkdf2.c} | 19 +-- providers/implementations/kdfs/pbkdf2.inc.in | 27 +++++ .../kdfs/{pkcs12kdf.c.in => pkcs12kdf.c} | 18 +-- .../implementations/kdfs/pkcs12kdf.inc.in | 26 ++++ .../kdfs/{pvkkdf.c.in => pvkkdf.c} | 16 +-- providers/implementations/kdfs/pvkkdf.inc.in | 24 ++++ .../kdfs/{scrypt.c.in => scrypt.c} | 18 +-- providers/implementations/kdfs/scrypt.inc.in | 26 ++++ .../kdfs/{sshkdf.c.in => sshkdf.c} | 21 +--- providers/implementations/kdfs/sshkdf.inc.in | 29 +++++ .../kdfs/{sskdf.c.in => sskdf.c} | 44 +------ providers/implementations/kdfs/sskdf.inc.in | 44 +++++++ .../kdfs/{tls1_prf.c.in => tls1_prf.c} | 21 +--- .../implementations/kdfs/tls1_prf.inc.in | 28 +++++ .../kdfs/{x942kdf.c.in => x942kdf.c} | 26 +--- providers/implementations/kdfs/x942kdf.inc.in | 34 ++++++ 30 files changed, 532 insertions(+), 392 deletions(-) rename providers/implementations/kdfs/{argon2.c.in => argon2.c} (97%) create mode 100644 providers/implementations/kdfs/argon2.inc.in rename providers/implementations/kdfs/{hkdf.c.in => hkdf.c} (90%) create mode 100644 providers/implementations/kdfs/hkdf.inc.in rename providers/implementations/kdfs/{hmacdrbg_kdf.c.in => hmacdrbg_kdf.c} (90%) create mode 100644 providers/implementations/kdfs/hmacdrbg_kdf.inc.in rename providers/implementations/kdfs/{kbkdf.c.in => kbkdf.c} (90%) create mode 100644 providers/implementations/kdfs/kbkdf.inc.in rename providers/implementations/kdfs/{krb5kdf.c.in => krb5kdf.c} (95%) create mode 100644 providers/implementations/kdfs/krb5kdf.inc.in rename providers/implementations/kdfs/{pbkdf1.c.in => pbkdf1.c} (92%) create mode 100644 providers/implementations/kdfs/pbkdf1.inc.in rename providers/implementations/kdfs/{pbkdf2.c.in => pbkdf2.c} (93%) create mode 100644 providers/implementations/kdfs/pbkdf2.inc.in rename providers/implementations/kdfs/{pkcs12kdf.c.in => pkcs12kdf.c} (90%) create mode 100644 providers/implementations/kdfs/pkcs12kdf.inc.in rename providers/implementations/kdfs/{pvkkdf.c.in => pvkkdf.c} (90%) create mode 100644 providers/implementations/kdfs/pvkkdf.inc.in rename providers/implementations/kdfs/{scrypt.c.in => scrypt.c} (94%) create mode 100644 providers/implementations/kdfs/scrypt.inc.in rename providers/implementations/kdfs/{sshkdf.c.in => sshkdf.c} (90%) create mode 100644 providers/implementations/kdfs/sshkdf.inc.in rename providers/implementations/kdfs/{sskdf.c.in => sskdf.c} (90%) create mode 100644 providers/implementations/kdfs/sskdf.inc.in rename providers/implementations/kdfs/{tls1_prf.c.in => tls1_prf.c} (94%) create mode 100644 providers/implementations/kdfs/tls1_prf.inc.in rename providers/implementations/kdfs/{x942kdf.c.in => x942kdf.c} (92%) create mode 100644 providers/implementations/kdfs/x942kdf.inc.in diff --git a/.gitignore b/.gitignore index 9f827a4e3cb..6934a9d96e4 100644 --- a/.gitignore +++ b/.gitignore @@ -98,20 +98,20 @@ providers/implementations/encode_decode/decode_pvk2key.inc providers/implementations/encode_decode/decode_spki2typespki.inc providers/implementations/encode_decode/encode_key2any.inc providers/implementations/encode_decode/encode_key2ms.inc -providers/implementations/kdfs/argon2.c -providers/implementations/kdfs/hkdf.c -providers/implementations/kdfs/hmacdrbg_kdf.c -providers/implementations/kdfs/kbkdf.c -providers/implementations/kdfs/krb5kdf.c -providers/implementations/kdfs/pbkdf1.c -providers/implementations/kdfs/pbkdf2.c -providers/implementations/kdfs/pkcs12kdf.c -providers/implementations/kdfs/pvkkdf.c -providers/implementations/kdfs/scrypt.c -providers/implementations/kdfs/sshkdf.c -providers/implementations/kdfs/sskdf.c -providers/implementations/kdfs/tls1_prf.c -providers/implementations/kdfs/x942kdf.c +providers/implementations/kdfs/argon2.inc +providers/implementations/kdfs/hkdf.inc +providers/implementations/kdfs/hmacdrbg_kdf.inc +providers/implementations/kdfs/kbkdf.inc +providers/implementations/kdfs/krb5kdf.inc +providers/implementations/kdfs/pbkdf1.inc +providers/implementations/kdfs/pbkdf2.inc +providers/implementations/kdfs/pkcs12kdf.inc +providers/implementations/kdfs/pvkkdf.inc +providers/implementations/kdfs/scrypt.inc +providers/implementations/kdfs/sshkdf.inc +providers/implementations/kdfs/sskdf.inc +providers/implementations/kdfs/tls1_prf.inc +providers/implementations/kdfs/x942kdf.inc providers/implementations/kem/ec_kem.c providers/implementations/kem/ecx_kem.c providers/implementations/kem/ml_kem_kem.c diff --git a/build.info b/build.info index 0dc15c8d825..fbea823d905 100644 --- a/build.info +++ b/build.info @@ -60,20 +60,20 @@ DEPEND[]=include/openssl/asn1.h \ providers/implementations/encode_decode/decode_spki2typespki.inc \ providers/implementations/encode_decode/encode_key2any.inc \ providers/implementations/encode_decode/encode_key2ms.inc \ - providers/implementations/kdfs/argon2.c \ - providers/implementations/kdfs/hkdf.c \ - providers/implementations/kdfs/hmacdrbg_kdf.c \ - providers/implementations/kdfs/kbkdf.c \ - providers/implementations/kdfs/krb5kdf.c \ - providers/implementations/kdfs/pbkdf1.c \ - providers/implementations/kdfs/pbkdf2.c \ - providers/implementations/kdfs/pkcs12kdf.c \ - providers/implementations/kdfs/pvkkdf.c \ - providers/implementations/kdfs/scrypt.c \ - providers/implementations/kdfs/sshkdf.c \ - providers/implementations/kdfs/sskdf.c \ - providers/implementations/kdfs/tls1_prf.c \ - providers/implementations/kdfs/x942kdf.c \ + providers/implementations/kdfs/argon2.inc \ + providers/implementations/kdfs/hkdf.inc \ + providers/implementations/kdfs/hmacdrbg_kdf.inc \ + providers/implementations/kdfs/kbkdf.inc \ + providers/implementations/kdfs/krb5kdf.inc \ + providers/implementations/kdfs/pbkdf1.inc \ + providers/implementations/kdfs/pbkdf2.inc \ + providers/implementations/kdfs/pkcs12kdf.inc \ + providers/implementations/kdfs/pvkkdf.inc \ + providers/implementations/kdfs/scrypt.inc \ + providers/implementations/kdfs/sshkdf.inc \ + providers/implementations/kdfs/sskdf.inc \ + providers/implementations/kdfs/tls1_prf.inc \ + providers/implementations/kdfs/x942kdf.inc \ providers/implementations/kem/ec_kem.c \ providers/implementations/kem/ecx_kem.c \ providers/implementations/kem/ml_kem_kem.c \ @@ -178,20 +178,20 @@ DEPEND[providers/implementations/asymciphers/rsa_enc.inc \ providers/implementations/encode_decode/decode_spki2typespki.inc \ providers/implementations/encode_decode/encode_key2any.inc \ providers/implementations/encode_decode/encode_key2ms.inc \ - providers/implementations/kdfs/argon2.c \ - providers/implementations/kdfs/hkdf.c \ - providers/implementations/kdfs/hmacdrbg_kdf.c \ - providers/implementations/kdfs/kbkdf.c \ - providers/implementations/kdfs/krb5kdf.c \ - providers/implementations/kdfs/pbkdf1.c \ - providers/implementations/kdfs/pbkdf2.c \ - providers/implementations/kdfs/pkcs12kdf.c \ - providers/implementations/kdfs/pvkkdf.c \ - providers/implementations/kdfs/scrypt.c \ - providers/implementations/kdfs/sshkdf.c \ - providers/implementations/kdfs/sskdf.c \ - providers/implementations/kdfs/tls1_prf.c \ - providers/implementations/kdfs/x942kdf.c \ + providers/implementations/kdfs/argon2.inc \ + providers/implementations/kdfs/hkdf.inc \ + providers/implementations/kdfs/hmacdrbg_kdf.inc \ + providers/implementations/kdfs/kbkdf.inc \ + providers/implementations/kdfs/krb5kdf.inc \ + providers/implementations/kdfs/pbkdf1.inc \ + providers/implementations/kdfs/pbkdf2.inc \ + providers/implementations/kdfs/pkcs12kdf.inc \ + providers/implementations/kdfs/pvkkdf.inc \ + providers/implementations/kdfs/scrypt.inc \ + providers/implementations/kdfs/sshkdf.inc \ + providers/implementations/kdfs/sskdf.inc \ + providers/implementations/kdfs/tls1_prf.inc \ + providers/implementations/kdfs/x942kdf.inc \ providers/implementations/kem/ec_kem.c \ providers/implementations/kem/ecx_kem.c \ providers/implementations/kem/ml_kem_kem.c \ @@ -275,34 +275,34 @@ GENERATE[providers/implementations/encode_decode/encode_key2any.inc]=\ providers/implementations/encode_decode/encode_key2any.inc.in GENERATE[providers/implementations/encode_decode/encode_key2ms.inc]=\ providers/implementations/encode_decode/encode_key2ms.inc.in -GENERATE[providers/implementations/kdfs/argon2.c]=\ - providers/implementations/kdfs/argon2.c.in -GENERATE[providers/implementations/kdfs/hkdf.c]=\ - providers/implementations/kdfs/hkdf.c.in -GENERATE[providers/implementations/kdfs/hmacdrbg_kdf.c]=\ - providers/implementations/kdfs/hmacdrbg_kdf.c.in -GENERATE[providers/implementations/kdfs/kbkdf.c]=\ - providers/implementations/kdfs/kbkdf.c.in -GENERATE[providers/implementations/kdfs/krb5kdf.c]=\ - providers/implementations/kdfs/krb5kdf.c.in -GENERATE[providers/implementations/kdfs/pbkdf1.c]=\ - providers/implementations/kdfs/pbkdf1.c.in -GENERATE[providers/implementations/kdfs/pbkdf2.c]=\ - providers/implementations/kdfs/pbkdf2.c.in -GENERATE[providers/implementations/kdfs/pkcs12kdf.c]=\ - providers/implementations/kdfs/pkcs12kdf.c.in -GENERATE[providers/implementations/kdfs/pvkkdf.c]=\ - providers/implementations/kdfs/pvkkdf.c.in -GENERATE[providers/implementations/kdfs/scrypt.c]=\ - providers/implementations/kdfs/scrypt.c.in -GENERATE[providers/implementations/kdfs/sshkdf.c]=\ - providers/implementations/kdfs/sshkdf.c.in -GENERATE[providers/implementations/kdfs/sskdf.c]=\ - providers/implementations/kdfs/sskdf.c.in -GENERATE[providers/implementations/kdfs/tls1_prf.c]=\ - providers/implementations/kdfs/tls1_prf.c.in -GENERATE[providers/implementations/kdfs/x942kdf.c]=\ - providers/implementations/kdfs/x942kdf.c.in +GENERATE[providers/implementations/kdfs/argon2.inc]=\ + providers/implementations/kdfs/argon2.inc.in +GENERATE[providers/implementations/kdfs/hkdf.inc]=\ + providers/implementations/kdfs/hkdf.inc.in +GENERATE[providers/implementations/kdfs/hmacdrbg_kdf.inc]=\ + providers/implementations/kdfs/hmacdrbg_kdf.inc.in +GENERATE[providers/implementations/kdfs/kbkdf.inc]=\ + providers/implementations/kdfs/kbkdf.inc.in +GENERATE[providers/implementations/kdfs/krb5kdf.inc]=\ + providers/implementations/kdfs/krb5kdf.inc.in +GENERATE[providers/implementations/kdfs/pbkdf1.inc]=\ + providers/implementations/kdfs/pbkdf1.inc.in +GENERATE[providers/implementations/kdfs/pbkdf2.inc]=\ + providers/implementations/kdfs/pbkdf2.inc.in +GENERATE[providers/implementations/kdfs/pkcs12kdf.inc]=\ + providers/implementations/kdfs/pkcs12kdf.inc.in +GENERATE[providers/implementations/kdfs/pvkkdf.inc]=\ + providers/implementations/kdfs/pvkkdf.inc.in +GENERATE[providers/implementations/kdfs/scrypt.inc]=\ + providers/implementations/kdfs/scrypt.inc.in +GENERATE[providers/implementations/kdfs/sshkdf.inc]=\ + providers/implementations/kdfs/sshkdf.inc.in +GENERATE[providers/implementations/kdfs/sskdf.inc]=\ + providers/implementations/kdfs/sskdf.inc.in +GENERATE[providers/implementations/kdfs/tls1_prf.inc]=\ + providers/implementations/kdfs/tls1_prf.inc.in +GENERATE[providers/implementations/kdfs/x942kdf.inc]=\ + providers/implementations/kdfs/x942kdf.inc.in GENERATE[providers/implementations/kem/ec_kem.c]=\ providers/implementations/kem/ec_kem.c.in GENERATE[providers/implementations/kem/ecx_kem.c]=\ diff --git a/providers/implementations/kdfs/argon2.c.in b/providers/implementations/kdfs/argon2.c similarity index 97% rename from providers/implementations/kdfs/argon2.c.in rename to providers/implementations/kdfs/argon2.c index 3b99b5b5486..7161be8770e 100644 --- a/providers/implementations/kdfs/argon2.c.in +++ b/providers/implementations/kdfs/argon2.c @@ -9,9 +9,6 @@ * RFC 9106 Argon2 (see https://www.rfc-editor.org/rfc/rfc9106.txt) * */ -{- -use OpenSSL::paramnames qw(produce_param_decoder); --} #include #include @@ -46,6 +43,8 @@ use OpenSSL::paramnames qw(produce_param_decoder); #ifndef OPENSSL_NO_ARGON2 +# include "providers/implementations/kdfs/argon2.inc" + # define ARGON2_MIN_LANES 1u # define ARGON2_MAX_LANES 0xFFFFFFu # define ARGON2_MIN_THREADS 1u @@ -1394,21 +1393,6 @@ static int set_property_query(KDF_ARGON2 *ctx, const char *propq) return 1; } -{- produce_param_decoder('argon2_set_ctx_params', - (['OSSL_KDF_PARAM_PASSWORD', 'pw', 'octet_string'], - ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], - ['OSSL_KDF_PARAM_SECRET', 'secret', 'octet_string'], - ['OSSL_KDF_PARAM_ARGON2_AD', 'ad', 'octet_string'], - ['OSSL_KDF_PARAM_SIZE', 'size', 'uint32'], - ['OSSL_KDF_PARAM_ITER', 'iter', 'uint32'], - ['OSSL_KDF_PARAM_THREADS', 'thrds', 'uint32'], - ['OSSL_KDF_PARAM_ARGON2_LANES', 'lanes', 'uint32'], - ['OSSL_KDF_PARAM_ARGON2_MEMCOST', 'mem', 'uint32'], - ['OSSL_KDF_PARAM_EARLY_CLEAN', 'eclean', 'uint32'], - ['OSSL_KDF_PARAM_ARGON2_VERSION', 'vers', 'uint32'], - ['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], - )); -} - static int argon2_set_ctx_params(KDF_ARGON2 *ctx, const OSSL_PARAM params[], OSSL_PARAM **size_param_ptr) { @@ -1501,10 +1485,6 @@ static const OSSL_PARAM *kdf_argon2_settable_ctx_params(ossl_unused void *ctx, return argon2_set_ctx_params_list; } -{- produce_param_decoder('argon2_get_ctx_params', - (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], - )); -} - static int kdf_argon2_get_ctx_params(void *vctx, OSSL_PARAM params[]) { struct argon2_get_ctx_params_st p; diff --git a/providers/implementations/kdfs/argon2.inc.in b/providers/implementations/kdfs/argon2.inc.in new file mode 100644 index 00000000000..d1fbe2b8bc1 --- /dev/null +++ b/providers/implementations/kdfs/argon2.inc.in @@ -0,0 +1,31 @@ +/* + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the \"License\"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} + +{- produce_param_decoder('argon2_set_ctx_params', + (['OSSL_KDF_PARAM_PASSWORD', 'pw', 'octet_string'], + ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], + ['OSSL_KDF_PARAM_SECRET', 'secret', 'octet_string'], + ['OSSL_KDF_PARAM_ARGON2_AD', 'ad', 'octet_string'], + ['OSSL_KDF_PARAM_SIZE', 'size', 'uint32'], + ['OSSL_KDF_PARAM_ITER', 'iter', 'uint32'], + ['OSSL_KDF_PARAM_THREADS', 'thrds', 'uint32'], + ['OSSL_KDF_PARAM_ARGON2_LANES', 'lanes', 'uint32'], + ['OSSL_KDF_PARAM_ARGON2_MEMCOST', 'mem', 'uint32'], + ['OSSL_KDF_PARAM_EARLY_CLEAN', 'eclean', 'uint32'], + ['OSSL_KDF_PARAM_ARGON2_VERSION', 'vers', 'uint32'], + ['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], + )); -} + +{- produce_param_decoder('argon2_get_ctx_params', + (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], + )); -} diff --git a/providers/implementations/kdfs/hkdf.c.in b/providers/implementations/kdfs/hkdf.c similarity index 90% rename from providers/implementations/kdfs/hkdf.c.in rename to providers/implementations/kdfs/hkdf.c index 5f118bb9caf..bb91b966bfb 100644 --- a/providers/implementations/kdfs/hkdf.c.in +++ b/providers/implementations/kdfs/hkdf.c @@ -6,9 +6,6 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -{- -use OpenSSL::paramnames qw(produce_param_decoder); --} /* * HMAC low level APIs are deprecated for public use, but still ok for internal @@ -282,6 +279,12 @@ struct hkdf_all_set_ctx_params_st { int num_info; }; +#define hkdf_set_ctx_params_st hkdf_all_set_ctx_params_st +#define hkdf_fixed_digest_set_ctx_params_st hkdf_all_set_ctx_params_st +#define kdf_tls1_3_set_ctx_params_st hkdf_all_set_ctx_params_st + +#include "providers/implementations/kdfs/hkdf.inc" + static int hkdf_common_set_ctx_params (KDF_HKDF *ctx, struct hkdf_all_set_ctx_params_st *p) { @@ -352,20 +355,6 @@ static int hkdf_common_set_ctx_params return 1; } -#define hkdf_set_ctx_params_st hkdf_all_set_ctx_params_st - -{- produce_param_decoder('hkdf_set_ctx_params', - (['OSSL_KDF_PARAM_MODE', 'mode', 'utf8_string'], - ['OSSL_KDF_PARAM_MODE', 'mode', 'int'], - ['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], - ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], - ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], - ['OSSL_KDF_PARAM_KEY', 'key', 'octet_string'], - ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], - ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], - ['OSSL_KDF_PARAM_INFO', 'info', 'octet_string', HKDF_MAX_INFOS], - )); -} - static int kdf_hkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { struct hkdf_all_set_ctx_params_st p; @@ -395,16 +384,6 @@ static const OSSL_PARAM *kdf_hkdf_settable_ctx_params(ossl_unused void *ctx, return hkdf_set_ctx_params_list; } -{- produce_param_decoder('hkdf_get_ctx_params', - (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], - ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], - ['OSSL_KDF_PARAM_MODE', 'mode', 'utf8_string'], - ['OSSL_KDF_PARAM_MODE', 'mode', 'int'], - ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], - ['OSSL_KDF_PARAM_INFO', 'info', 'octet_string'], - ['OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], - )); -} - static const OSSL_PARAM *hkdf_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) { @@ -520,18 +499,6 @@ static void *kdf_hkdf_fixed_digest_new(void *provctx, const char *digest) return ctx; } -#define hkdf_fixed_digest_set_ctx_params_st hkdf_all_set_ctx_params_st - -{- produce_param_decoder('hkdf_fixed_digest_set_ctx_params', - (['OSSL_KDF_PARAM_MODE', 'mode', 'utf8_string'], - ['OSSL_KDF_PARAM_MODE', 'mode', 'int'], - ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string', 'hidden'], - ['OSSL_KDF_PARAM_KEY', 'key', 'octet_string'], - ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], - ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], - ['OSSL_KDF_PARAM_INFO', 'info', 'octet_string', HKDF_MAX_INFOS], - )); -} - static int kdf_hkdf_fixed_digest_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { struct hkdf_all_set_ctx_params_st p; @@ -567,7 +534,6 @@ static const OSSL_PARAM *kdf_hkdf_fixed_digest_settable_ctx_params return hkdf_fixed_digest_set_ctx_params_list; } - #define KDF_HKDF_FIXED_DIGEST_NEW(hashname, hashstring) \ static void *kdf_hkdf_##hashname##_new(void *provctx) \ { \ @@ -1005,23 +971,6 @@ static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen, } } -#define kdf_tls1_3_set_ctx_params_st hkdf_all_set_ctx_params_st - -{- produce_param_decoder('kdf_tls1_3_set_ctx_params', - (['OSSL_KDF_PARAM_MODE', 'mode', 'utf8_string'], - ['OSSL_KDF_PARAM_MODE', 'mode', 'int'], - ['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], - ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], - ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], - ['OSSL_KDF_PARAM_KEY', 'key', 'octet_string'], - ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], - ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], - ['OSSL_KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'], - ['OSSL_KDF_PARAM_PREFIX', 'prefix', 'octet_string'], - ['OSSL_KDF_PARAM_LABEL', 'label', 'octet_string'], - ['OSSL_KDF_PARAM_DATA', 'data', 'octet_string'], - )); -} - static int kdf_tls1_3_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { struct hkdf_all_set_ctx_params_st p; diff --git a/providers/implementations/kdfs/hkdf.inc.in b/providers/implementations/kdfs/hkdf.inc.in new file mode 100644 index 00000000000..150c431c283 --- /dev/null +++ b/providers/implementations/kdfs/hkdf.inc.in @@ -0,0 +1,59 @@ +/* + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the \"License\"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} + +{- produce_param_decoder('hkdf_set_ctx_params', + (['OSSL_KDF_PARAM_MODE', 'mode', 'utf8_string'], + ['OSSL_KDF_PARAM_MODE', 'mode', 'int'], + ['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], + ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], + ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], + ['OSSL_KDF_PARAM_KEY', 'key', 'octet_string'], + ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], + ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], + ['OSSL_KDF_PARAM_INFO', 'info', 'octet_string', HKDF_MAX_INFOS], + )); -} + +{- produce_param_decoder('hkdf_get_ctx_params', + (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], + ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], + ['OSSL_KDF_PARAM_MODE', 'mode', 'utf8_string'], + ['OSSL_KDF_PARAM_MODE', 'mode', 'int'], + ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], + ['OSSL_KDF_PARAM_INFO', 'info', 'octet_string'], + ['OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], + )); -} + +{- produce_param_decoder('hkdf_fixed_digest_set_ctx_params', + (['OSSL_KDF_PARAM_MODE', 'mode', 'utf8_string'], + ['OSSL_KDF_PARAM_MODE', 'mode', 'int'], + ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string', 'hidden'], + ['OSSL_KDF_PARAM_KEY', 'key', 'octet_string'], + ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], + ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], + ['OSSL_KDF_PARAM_INFO', 'info', 'octet_string', HKDF_MAX_INFOS], + )); -} + +{- produce_param_decoder('kdf_tls1_3_set_ctx_params', + (['OSSL_KDF_PARAM_MODE', 'mode', 'utf8_string'], + ['OSSL_KDF_PARAM_MODE', 'mode', 'int'], + ['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], + ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], + ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], + ['OSSL_KDF_PARAM_KEY', 'key', 'octet_string'], + ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], + ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], + ['OSSL_KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'], + ['OSSL_KDF_PARAM_PREFIX', 'prefix', 'octet_string'], + ['OSSL_KDF_PARAM_LABEL', 'label', 'octet_string'], + ['OSSL_KDF_PARAM_DATA', 'data', 'octet_string'], + )); -} diff --git a/providers/implementations/kdfs/hmacdrbg_kdf.c.in b/providers/implementations/kdfs/hmacdrbg_kdf.c similarity index 90% rename from providers/implementations/kdfs/hmacdrbg_kdf.c.in rename to providers/implementations/kdfs/hmacdrbg_kdf.c index 64fd2b4f2c7..2d2805b53dd 100644 --- a/providers/implementations/kdfs/hmacdrbg_kdf.c.in +++ b/providers/implementations/kdfs/hmacdrbg_kdf.c @@ -6,9 +6,6 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -{- -use OpenSSL::paramnames qw(produce_param_decoder); --} #include #include @@ -22,6 +19,7 @@ use OpenSSL::paramnames qw(produce_param_decoder); #include "prov/implementations.h" #include "prov/hmac_drbg.h" #include "prov/provider_ctx.h" +#include "providers/implementations/kdfs/hmacdrbg_kdf.inc" static OSSL_FUNC_kdf_newctx_fn hmac_drbg_kdf_new; static OSSL_FUNC_kdf_dupctx_fn hmac_drbg_kdf_dup; @@ -140,11 +138,6 @@ static int hmac_drbg_kdf_derive(void *vctx, unsigned char *out, size_t outlen, return ossl_drbg_hmac_generate(drbg, out, outlen, NULL, 0); } -{- produce_param_decoder('hmac_drbg_kdf_get_ctx_params', - (['OSSL_KDF_PARAM_MAC', 'mac', 'utf8_string'], - ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], - )); -} - static int hmac_drbg_kdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) { KDF_HMAC_DRBG *hmac = (KDF_HMAC_DRBG *)vctx; @@ -179,14 +172,6 @@ static const OSSL_PARAM *hmac_drbg_kdf_gettable_ctx_params( return hmac_drbg_kdf_get_ctx_params_list; } -{- produce_param_decoder('hmac_drbg_kdf_set_ctx_params', - (['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], - ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], - ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], - ['OSSL_KDF_PARAM_HMACDRBG_ENTROPY', 'ent', 'octet_string'], - ['OSSL_KDF_PARAM_HMACDRBG_NONCE', 'nonce', 'octet_string'], - )); -} - static int hmac_drbg_kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { diff --git a/providers/implementations/kdfs/hmacdrbg_kdf.inc.in b/providers/implementations/kdfs/hmacdrbg_kdf.inc.in new file mode 100644 index 00000000000..699c9607187 --- /dev/null +++ b/providers/implementations/kdfs/hmacdrbg_kdf.inc.in @@ -0,0 +1,25 @@ +/* + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the \"License\"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} + +{- produce_param_decoder('hmac_drbg_kdf_get_ctx_params', + (['OSSL_KDF_PARAM_MAC', 'mac', 'utf8_string'], + ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], + )); -} + +{- produce_param_decoder('hmac_drbg_kdf_set_ctx_params', + (['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], + ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], + ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], + ['OSSL_KDF_PARAM_HMACDRBG_ENTROPY', 'ent', 'octet_string'], + ['OSSL_KDF_PARAM_HMACDRBG_NONCE', 'nonce', 'octet_string'], + )); -} diff --git a/providers/implementations/kdfs/kbkdf.c.in b/providers/implementations/kdfs/kbkdf.c similarity index 90% rename from providers/implementations/kdfs/kbkdf.c.in rename to providers/implementations/kdfs/kbkdf.c index 8131e8a56aa..d8fa4d81865 100644 --- a/providers/implementations/kdfs/kbkdf.c.in +++ b/providers/implementations/kdfs/kbkdf.c @@ -7,9 +7,6 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -{- -use OpenSSL::paramnames qw(produce_param_decoder); --} /* * This implements https://csrc.nist.gov/publications/detail/sp/800-108/final @@ -54,6 +51,8 @@ use OpenSSL::paramnames qw(produce_param_decoder); #define KBKDF_MAX_INFOS 5 +#include "providers/implementations/kdfs/kbkdf.inc" + typedef enum { COUNTER = 0, FEEDBACK @@ -368,23 +367,6 @@ done: return ret; } -{- produce_param_decoder('kbkdf_set_ctx_params', - (['OSSL_KDF_PARAM_INFO', 'info', 'octet_string', KBKDF_MAX_INFOS], - ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], - ['OSSL_KDF_PARAM_KEY', 'key', 'octet_string'], - ['OSSL_KDF_PARAM_SEED', 'seed', 'octet_string'], - ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], - ['OSSL_KDF_PARAM_CIPHER', 'cipher', 'utf8_string'], - ['OSSL_KDF_PARAM_MAC', 'mac', 'utf8_string'], - ['OSSL_KDF_PARAM_MODE', 'mode', 'utf8_string'], - ['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], - ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], - ['OSSL_KDF_PARAM_KBKDF_USE_L', 'use_l', 'int'], - ['OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR', 'sep', 'int'], - ['OSSL_KDF_PARAM_KBKDF_R', 'r', 'int'], - ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], - )); -} - static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { KBKDF *ctx = (KBKDF *)vctx; @@ -485,11 +467,6 @@ static const OSSL_PARAM *kbkdf_settable_ctx_params(ossl_unused void *ctx, return kbkdf_set_ctx_params_list; } -{- produce_param_decoder('kbkdf_get_ctx_params', - (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], - ['OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], - )); -} - static int kbkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) { struct kbkdf_get_ctx_params_st p; diff --git a/providers/implementations/kdfs/kbkdf.inc.in b/providers/implementations/kdfs/kbkdf.inc.in new file mode 100644 index 00000000000..1cecc84cfdd --- /dev/null +++ b/providers/implementations/kdfs/kbkdf.inc.in @@ -0,0 +1,34 @@ +/* + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the \"License\"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} + +{- produce_param_decoder('kbkdf_set_ctx_params', + (['OSSL_KDF_PARAM_INFO', 'info', 'octet_string', KBKDF_MAX_INFOS], + ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], + ['OSSL_KDF_PARAM_KEY', 'key', 'octet_string'], + ['OSSL_KDF_PARAM_SEED', 'seed', 'octet_string'], + ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], + ['OSSL_KDF_PARAM_CIPHER', 'cipher', 'utf8_string'], + ['OSSL_KDF_PARAM_MAC', 'mac', 'utf8_string'], + ['OSSL_KDF_PARAM_MODE', 'mode', 'utf8_string'], + ['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], + ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], + ['OSSL_KDF_PARAM_KBKDF_USE_L', 'use_l', 'int'], + ['OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR', 'sep', 'int'], + ['OSSL_KDF_PARAM_KBKDF_R', 'r', 'int'], + ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], + )); -} + +{- produce_param_decoder('kbkdf_get_ctx_params', + (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], + ['OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], + )); -} diff --git a/providers/implementations/kdfs/krb5kdf.c.in b/providers/implementations/kdfs/krb5kdf.c similarity index 95% rename from providers/implementations/kdfs/krb5kdf.c.in rename to providers/implementations/kdfs/krb5kdf.c index 029c668fbf3..03e8fc62c7b 100644 --- a/providers/implementations/kdfs/krb5kdf.c.in +++ b/providers/implementations/kdfs/krb5kdf.c @@ -6,9 +6,6 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -{- -use OpenSSL::paramnames qw(produce_param_decoder); --} /* * DES low level APIs are deprecated for public use, but still ok for internal @@ -33,6 +30,7 @@ use OpenSSL::paramnames qw(produce_param_decoder); #include "prov/provider_ctx.h" #include "prov/provider_util.h" #include "prov/providercommon.h" +#include "providers/implementations/kdfs/krb5kdf.inc" /* KRB5 KDF defined in RFC 3961, Section 5.1 */ @@ -154,14 +152,6 @@ static int krb5kdf_derive(void *vctx, unsigned char *key, size_t keylen, key, keylen); } -{- produce_param_decoder('krb5kdf_set_ctx_params', - (['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], - ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], - ['OSSL_KDF_PARAM_CIPHER', 'cipher', 'utf8_string'], - ['OSSL_KDF_PARAM_KEY', 'key', 'octet_string'], - ['OSSL_KDF_PARAM_CONSTANT', 'cnst', 'octet_string'], - )); -} - static int krb5kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { struct krb5kdf_set_ctx_params_st p; @@ -192,10 +182,6 @@ static const OSSL_PARAM *krb5kdf_settable_ctx_params(ossl_unused void *ctx, return krb5kdf_set_ctx_params_list; } -{- produce_param_decoder('krb5kdf_get_ctx_params', - (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], - )); -} - static int krb5kdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) { struct krb5kdf_get_ctx_params_st p; @@ -503,4 +489,3 @@ out: OPENSSL_cleanse(block, EVP_MAX_BLOCK_LENGTH * 2); return ret; } - diff --git a/providers/implementations/kdfs/krb5kdf.inc.in b/providers/implementations/kdfs/krb5kdf.inc.in new file mode 100644 index 00000000000..62124ec5b9c --- /dev/null +++ b/providers/implementations/kdfs/krb5kdf.inc.in @@ -0,0 +1,24 @@ +/* + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the \"License\"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} + +{- produce_param_decoder('krb5kdf_set_ctx_params', + (['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], + ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], + ['OSSL_KDF_PARAM_CIPHER', 'cipher', 'utf8_string'], + ['OSSL_KDF_PARAM_KEY', 'key', 'octet_string'], + ['OSSL_KDF_PARAM_CONSTANT', 'cnst', 'octet_string'], + )); -} + +{- produce_param_decoder('krb5kdf_get_ctx_params', + (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], + )); -} diff --git a/providers/implementations/kdfs/pbkdf1.c.in b/providers/implementations/kdfs/pbkdf1.c similarity index 92% rename from providers/implementations/kdfs/pbkdf1.c.in rename to providers/implementations/kdfs/pbkdf1.c index 3441d33cb47..6830c5cdf9f 100644 --- a/providers/implementations/kdfs/pbkdf1.c.in +++ b/providers/implementations/kdfs/pbkdf1.c @@ -6,9 +6,6 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -{- -use OpenSSL::paramnames qw(produce_param_decoder); --} #include #include @@ -28,6 +25,7 @@ use OpenSSL::paramnames qw(produce_param_decoder); #include "prov/providercommon.h" #include "prov/implementations.h" #include "prov/provider_util.h" +#include "providers/implementations/kdfs/pbkdf1.inc" static OSSL_FUNC_kdf_newctx_fn kdf_pbkdf1_new; static OSSL_FUNC_kdf_dupctx_fn kdf_pbkdf1_dup; @@ -227,15 +225,6 @@ static int kdf_pbkdf1_derive(void *vctx, unsigned char *key, size_t keylen, ctx->iter, md, key, keylen); } -{- produce_param_decoder('pbkdf1_set_ctx_params', - (['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], - ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], - ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], - ['OSSL_KDF_PARAM_PASSWORD', 'pw', 'octet_string'], - ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], - ['OSSL_KDF_PARAM_ITER', 'iter', 'uint64'], - )); -} - static int kdf_pbkdf1_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { struct pbkdf1_set_ctx_params_st p; @@ -268,10 +257,6 @@ static const OSSL_PARAM *kdf_pbkdf1_settable_ctx_params(ossl_unused void *ctx, return pbkdf1_set_ctx_params_list; } -{- produce_param_decoder('pbkdf1_get_ctx_params', - (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], - )); -} - static int kdf_pbkdf1_get_ctx_params(void *vctx, OSSL_PARAM params[]) { struct pbkdf1_get_ctx_params_st p; diff --git a/providers/implementations/kdfs/pbkdf1.inc.in b/providers/implementations/kdfs/pbkdf1.inc.in new file mode 100644 index 00000000000..697042061ff --- /dev/null +++ b/providers/implementations/kdfs/pbkdf1.inc.in @@ -0,0 +1,25 @@ +/* + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the \"License\"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} + +{- produce_param_decoder('pbkdf1_set_ctx_params', + (['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], + ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], + ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], + ['OSSL_KDF_PARAM_PASSWORD', 'pw', 'octet_string'], + ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], + ['OSSL_KDF_PARAM_ITER', 'iter', 'uint64'], + )); -} + +{- produce_param_decoder('pbkdf1_get_ctx_params', + (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], + )); -} diff --git a/providers/implementations/kdfs/pbkdf2.c.in b/providers/implementations/kdfs/pbkdf2.c similarity index 93% rename from providers/implementations/kdfs/pbkdf2.c.in rename to providers/implementations/kdfs/pbkdf2.c index ea625502791..37b838b4a42 100644 --- a/providers/implementations/kdfs/pbkdf2.c.in +++ b/providers/implementations/kdfs/pbkdf2.c @@ -6,9 +6,6 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -{- -use OpenSSL::paramnames qw(produce_param_decoder); --} /* * HMAC low level APIs are deprecated for public use, but still ok for internal @@ -32,6 +29,7 @@ use OpenSSL::paramnames qw(produce_param_decoder); #include "prov/implementations.h" #include "prov/provider_util.h" #include "prov/securitycheck.h" +#include "providers/implementations/kdfs/pbkdf2.inc" /* Constants specified in SP800-132 */ #define KDF_PBKDF2_MIN_KEY_LEN_BITS 112 @@ -282,16 +280,6 @@ static int kdf_pbkdf2_derive(void *vctx, unsigned char *key, size_t keylen, md, key, keylen, ctx->lower_bound_checks); } -{- produce_param_decoder('pbkdf2_set_ctx_params', - (['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], - ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], - ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], - ['OSSL_KDF_PARAM_PASSWORD', 'pw', 'octet_string'], - ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], - ['OSSL_KDF_PARAM_ITER', 'iter', 'uint64'], - ['OSSL_KDF_PARAM_PKCS5', 'pkcs5', 'int'], - )); -} - static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { struct pbkdf2_set_ctx_params_st p; @@ -356,11 +344,6 @@ static const OSSL_PARAM *kdf_pbkdf2_settable_ctx_params(ossl_unused void *ctx, return pbkdf2_set_ctx_params_list; } -{- produce_param_decoder('pbkdf2_get_ctx_params', - (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], - ['OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], - )); -} - static int kdf_pbkdf2_get_ctx_params(void *vctx, OSSL_PARAM params[]) { KDF_PBKDF2 *ctx = vctx; diff --git a/providers/implementations/kdfs/pbkdf2.inc.in b/providers/implementations/kdfs/pbkdf2.inc.in new file mode 100644 index 00000000000..94ea25a78a1 --- /dev/null +++ b/providers/implementations/kdfs/pbkdf2.inc.in @@ -0,0 +1,27 @@ +/* + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the \"License\"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} + +{- produce_param_decoder('pbkdf2_set_ctx_params', + (['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], + ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], + ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], + ['OSSL_KDF_PARAM_PASSWORD', 'pw', 'octet_string'], + ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], + ['OSSL_KDF_PARAM_ITER', 'iter', 'uint64'], + ['OSSL_KDF_PARAM_PKCS5', 'pkcs5', 'int'], + )); -} + +{- produce_param_decoder('pbkdf2_get_ctx_params', + (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], + ['OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], + )); -} diff --git a/providers/implementations/kdfs/pkcs12kdf.c.in b/providers/implementations/kdfs/pkcs12kdf.c similarity index 90% rename from providers/implementations/kdfs/pkcs12kdf.c.in rename to providers/implementations/kdfs/pkcs12kdf.c index 1495bcd2a6b..cc07139ec44 100644 --- a/providers/implementations/kdfs/pkcs12kdf.c.in +++ b/providers/implementations/kdfs/pkcs12kdf.c @@ -6,9 +6,6 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -{- -use OpenSSL::paramnames qw(produce_param_decoder); --} #include #include @@ -26,6 +23,7 @@ use OpenSSL::paramnames qw(produce_param_decoder); #include "prov/providercommon.h" #include "prov/implementations.h" #include "prov/provider_util.h" +#include "providers/implementations/kdfs/pkcs12kdf.inc" static OSSL_FUNC_kdf_newctx_fn kdf_pkcs12_new; static OSSL_FUNC_kdf_dupctx_fn kdf_pkcs12_dup; @@ -243,16 +241,6 @@ static int kdf_pkcs12_derive(void *vctx, unsigned char *key, size_t keylen, ctx->id, ctx->iter, md, key, keylen); } -{- produce_param_decoder('pkcs12_set_ctx_params', - (['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], - ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], - ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], - ['OSSL_KDF_PARAM_PASSWORD', 'pw', 'octet_string'], - ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], - ['OSSL_KDF_PARAM_ITER', 'iter', 'uint64'], - ['OSSL_KDF_PARAM_PKCS12_ID', 'p12id', 'int'], - )); -} - static int kdf_pkcs12_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { struct pkcs12_set_ctx_params_st p; @@ -289,10 +277,6 @@ static const OSSL_PARAM *kdf_pkcs12_settable_ctx_params( return pkcs12_set_ctx_params_list; } -{- produce_param_decoder('pkcs12_get_ctx_params', - (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], - )); -} - static int kdf_pkcs12_get_ctx_params(void *vctx, OSSL_PARAM params[]) { struct pkcs12_get_ctx_params_st p; diff --git a/providers/implementations/kdfs/pkcs12kdf.inc.in b/providers/implementations/kdfs/pkcs12kdf.inc.in new file mode 100644 index 00000000000..aebd403b3ac --- /dev/null +++ b/providers/implementations/kdfs/pkcs12kdf.inc.in @@ -0,0 +1,26 @@ +/* + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the \"License\"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} + +{- produce_param_decoder('pkcs12_set_ctx_params', + (['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], + ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], + ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], + ['OSSL_KDF_PARAM_PASSWORD', 'pw', 'octet_string'], + ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], + ['OSSL_KDF_PARAM_ITER', 'iter', 'uint64'], + ['OSSL_KDF_PARAM_PKCS12_ID', 'p12id', 'int'], + )); -} + +{- produce_param_decoder('pkcs12_get_ctx_params', + (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], + )); -} diff --git a/providers/implementations/kdfs/pvkkdf.c.in b/providers/implementations/kdfs/pvkkdf.c similarity index 90% rename from providers/implementations/kdfs/pvkkdf.c.in rename to providers/implementations/kdfs/pvkkdf.c index 59a67f0e137..40afdcc127b 100644 --- a/providers/implementations/kdfs/pvkkdf.c.in +++ b/providers/implementations/kdfs/pvkkdf.c @@ -6,9 +6,6 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -{- -use OpenSSL::paramnames qw(produce_param_decoder); --} #include #include @@ -21,6 +18,7 @@ use OpenSSL::paramnames qw(produce_param_decoder); #include "prov/providercommon.h" #include "prov/implementations.h" #include "prov/provider_util.h" +#include "providers/implementations/kdfs/pvkkdf.inc" static OSSL_FUNC_kdf_newctx_fn kdf_pvk_new; static OSSL_FUNC_kdf_dupctx_fn kdf_pvk_dup; @@ -181,14 +179,6 @@ static int kdf_pvk_derive(void *vctx, unsigned char *key, size_t keylen, return res; } -{- produce_param_decoder('pvk_set_ctx_params', - (['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], - ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], - ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], - ['OSSL_KDF_PARAM_PASSWORD', 'pass', 'octet_string'], - ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], - )); -} - static int kdf_pvk_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { struct pvk_set_ctx_params_st p; @@ -219,10 +209,6 @@ static const OSSL_PARAM *kdf_pvk_settable_ctx_params(ossl_unused void *ctx, return pvk_set_ctx_params_list; } -{- produce_param_decoder('pvk_get_ctx_params', - (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], - )); -} - static int kdf_pvk_get_ctx_params(void *vctx, OSSL_PARAM params[]) { struct pvk_get_ctx_params_st p; diff --git a/providers/implementations/kdfs/pvkkdf.inc.in b/providers/implementations/kdfs/pvkkdf.inc.in new file mode 100644 index 00000000000..17dfa2f61e3 --- /dev/null +++ b/providers/implementations/kdfs/pvkkdf.inc.in @@ -0,0 +1,24 @@ +/* + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the \"License\"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} + +{- produce_param_decoder('pvk_set_ctx_params', + (['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], + ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], + ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], + ['OSSL_KDF_PARAM_PASSWORD', 'pass', 'octet_string'], + ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], + )); -} + +{- produce_param_decoder('pvk_get_ctx_params', + (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], + )); -} diff --git a/providers/implementations/kdfs/scrypt.c.in b/providers/implementations/kdfs/scrypt.c similarity index 94% rename from providers/implementations/kdfs/scrypt.c.in rename to providers/implementations/kdfs/scrypt.c index 4462b60dadd..d9fed24c542 100644 --- a/providers/implementations/kdfs/scrypt.c.in +++ b/providers/implementations/kdfs/scrypt.c @@ -6,9 +6,6 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -{- -use OpenSSL::paramnames qw(produce_param_decoder); --} #include #include @@ -25,6 +22,7 @@ use OpenSSL::paramnames qw(produce_param_decoder); #include "prov/provider_ctx.h" #include "prov/providercommon.h" #include "prov/provider_util.h" +#include "providers/implementations/kdfs/scrypt.inc" #ifndef OPENSSL_NO_SCRYPT @@ -218,16 +216,6 @@ static int is_power_of_two(uint64_t value) return (value != 0) && ((value & (value - 1)) == 0); } -{- produce_param_decoder('scrypt_set_ctx_params', - (['OSSL_KDF_PARAM_PASSWORD', 'pw', 'octet_string'], - ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], - ['OSSL_KDF_PARAM_SCRYPT_N', 'n', 'uint64'], - ['OSSL_KDF_PARAM_SCRYPT_R', 'r', 'uint32'], - ['OSSL_KDF_PARAM_SCRYPT_P', 'p', 'uint32'], - ['OSSL_KDF_PARAM_SCRYPT_MAXMEM', 'maxmem', 'uint64'], - ['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], - )); -} - static int kdf_scrypt_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { struct scrypt_set_ctx_params_st p; @@ -284,10 +272,6 @@ static const OSSL_PARAM *kdf_scrypt_settable_ctx_params(ossl_unused void *ctx, return scrypt_set_ctx_params_list; } -{- produce_param_decoder('scrypt_get_ctx_params', - (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], - )); -} - static int kdf_scrypt_get_ctx_params(void *vctx, OSSL_PARAM params[]) { struct scrypt_get_ctx_params_st p; diff --git a/providers/implementations/kdfs/scrypt.inc.in b/providers/implementations/kdfs/scrypt.inc.in new file mode 100644 index 00000000000..d798d8c045b --- /dev/null +++ b/providers/implementations/kdfs/scrypt.inc.in @@ -0,0 +1,26 @@ +/* + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the \"License\"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} + +{- produce_param_decoder('scrypt_set_ctx_params', + (['OSSL_KDF_PARAM_PASSWORD', 'pw', 'octet_string'], + ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], + ['OSSL_KDF_PARAM_SCRYPT_N', 'n', 'uint64'], + ['OSSL_KDF_PARAM_SCRYPT_R', 'r', 'uint32'], + ['OSSL_KDF_PARAM_SCRYPT_P', 'p', 'uint32'], + ['OSSL_KDF_PARAM_SCRYPT_MAXMEM', 'maxmem', 'uint64'], + ['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], + )); -} + +{- produce_param_decoder('scrypt_get_ctx_params', + (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], + )); -} diff --git a/providers/implementations/kdfs/sshkdf.c.in b/providers/implementations/kdfs/sshkdf.c similarity index 90% rename from providers/implementations/kdfs/sshkdf.c.in rename to providers/implementations/kdfs/sshkdf.c index 8ef5b688eb8..4d584374474 100644 --- a/providers/implementations/kdfs/sshkdf.c.in +++ b/providers/implementations/kdfs/sshkdf.c @@ -6,9 +6,6 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -{- -use OpenSSL::paramnames qw(produce_param_decoder); --} #include #include @@ -25,6 +22,7 @@ use OpenSSL::paramnames qw(produce_param_decoder); #include "prov/implementations.h" #include "prov/provider_util.h" #include "prov/securitycheck.h" +#include "providers/implementations/kdfs/sshkdf.inc" /* See RFC 4253, Section 7.2 */ static OSSL_FUNC_kdf_newctx_fn kdf_sshkdf_new; @@ -209,18 +207,6 @@ static int kdf_sshkdf_derive(void *vctx, unsigned char *key, size_t keylen, ctx->type, key, keylen); } -{- produce_param_decoder('sshkdf_set_ctx_params', - (['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], - ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], - ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], - ['OSSL_KDF_PARAM_KEY', 'key', 'octet_string'], - ['OSSL_KDF_PARAM_SSHKDF_XCGHASH', 'xcg', 'octet_string'], - ['OSSL_KDF_PARAM_SSHKDF_SESSION_ID', 'sid', 'octet_string'], - ['OSSL_KDF_PARAM_SSHKDF_TYPE', 'type', 'utf8_string'], - ['OSSL_KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'], - ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], - )); -} - static int kdf_sshkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { struct sshkdf_set_ctx_params_st p; @@ -297,11 +283,6 @@ static const OSSL_PARAM *kdf_sshkdf_settable_ctx_params(ossl_unused void *ctx, return sshkdf_set_ctx_params_list; } -{- produce_param_decoder('sshkdf_get_ctx_params', - (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], - ['OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], - )); -} - static int kdf_sshkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) { KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx; diff --git a/providers/implementations/kdfs/sshkdf.inc.in b/providers/implementations/kdfs/sshkdf.inc.in new file mode 100644 index 00000000000..85e1fdf951f --- /dev/null +++ b/providers/implementations/kdfs/sshkdf.inc.in @@ -0,0 +1,29 @@ +/* + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the \"License\"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} + +{- produce_param_decoder('sshkdf_set_ctx_params', + (['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], + ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], + ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], + ['OSSL_KDF_PARAM_KEY', 'key', 'octet_string'], + ['OSSL_KDF_PARAM_SSHKDF_XCGHASH', 'xcg', 'octet_string'], + ['OSSL_KDF_PARAM_SSHKDF_SESSION_ID', 'sid', 'octet_string'], + ['OSSL_KDF_PARAM_SSHKDF_TYPE', 'type', 'utf8_string'], + ['OSSL_KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'], + ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], + )); -} + +{- produce_param_decoder('sshkdf_get_ctx_params', + (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], + ['OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], + )); -} diff --git a/providers/implementations/kdfs/sskdf.c.in b/providers/implementations/kdfs/sskdf.c similarity index 90% rename from providers/implementations/kdfs/sskdf.c.in rename to providers/implementations/kdfs/sskdf.c index 3b3cada8d34..2fac552d8da 100644 --- a/providers/implementations/kdfs/sskdf.c.in +++ b/providers/implementations/kdfs/sskdf.c @@ -7,9 +7,6 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -{- -use OpenSSL::paramnames qw(produce_param_decoder); --} /* * Refer to https://csrc.nist.gov/publications/detail/sp/800-56c/rev-1/final @@ -553,6 +550,11 @@ struct sskdf_all_set_ctx_params_st { int num_info; }; +#define sskdf_set_ctx_params_st sskdf_all_set_ctx_params_st +#define x963kdf_set_ctx_params_st sskdf_all_set_ctx_params_st + +#include "providers/implementations/kdfs/sskdf.inc" + static int sskdf_common_set_ctx_params (KDF_SSKDF *ctx, struct sskdf_all_set_ctx_params_st *p, const OSSL_PARAM *params) @@ -608,21 +610,6 @@ static int sskdf_common_set_ctx_params return 1; } -#define sskdf_set_ctx_params_st sskdf_all_set_ctx_params_st - -{- produce_param_decoder('sskdf_set_ctx_params', - (['OSSL_KDF_PARAM_SECRET', 'secret', 'octet_string'], - ['OSSL_KDF_PARAM_KEY', 'secret', 'octet_string'], - ['OSSL_KDF_PARAM_INFO', 'info', 'octet_string', SSKDF_MAX_INFOS], - ['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], - ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], - ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], - ['OSSL_KDF_PARAM_MAC', 'mac', 'utf8_string'], - ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], - ['OSSL_KDF_PARAM_MAC_SIZE', 'size', 'size_t'], - ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], - )); -} - static int sskdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; @@ -652,11 +639,6 @@ static const OSSL_PARAM *sskdf_settable_ctx_params(ossl_unused void *ctx, return sskdf_set_ctx_params_list; } -{- produce_param_decoder('sskdf_get_ctx_params', - (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], - ['OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], - )); -} - static int sskdf_common_get_ctx_params(void *vctx, OSSL_PARAM params[]) { KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; @@ -682,22 +664,6 @@ static const OSSL_PARAM *sskdf_common_gettable_ctx_params return sskdf_get_ctx_params_list; } -#define x963kdf_set_ctx_params_st sskdf_all_set_ctx_params_st - -{- produce_param_decoder('x963kdf_set_ctx_params', - (['OSSL_KDF_PARAM_SECRET', 'secret', 'octet_string'], - ['OSSL_KDF_PARAM_KEY', 'secret', 'octet_string'], - ['OSSL_KDF_PARAM_INFO', 'info', 'octet_string', SSKDF_MAX_INFOS], - ['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], - ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], - ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], - ['OSSL_KDF_PARAM_MAC', 'mac', 'utf8_string'], - ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], - ['OSSL_KDF_PARAM_MAC_SIZE', 'size', 'size_t'], - ['OSSL_KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'], - ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], - )); -} - static int x963kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; diff --git a/providers/implementations/kdfs/sskdf.inc.in b/providers/implementations/kdfs/sskdf.inc.in new file mode 100644 index 00000000000..a90d0ebf8fb --- /dev/null +++ b/providers/implementations/kdfs/sskdf.inc.in @@ -0,0 +1,44 @@ +/* + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the \"License\"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} + +{- produce_param_decoder('sskdf_set_ctx_params', + (['OSSL_KDF_PARAM_SECRET', 'secret', 'octet_string'], + ['OSSL_KDF_PARAM_KEY', 'secret', 'octet_string'], + ['OSSL_KDF_PARAM_INFO', 'info', 'octet_string', SSKDF_MAX_INFOS], + ['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], + ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], + ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], + ['OSSL_KDF_PARAM_MAC', 'mac', 'utf8_string'], + ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], + ['OSSL_KDF_PARAM_MAC_SIZE', 'size', 'size_t'], + ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], + )); -} + +{- produce_param_decoder('sskdf_get_ctx_params', + (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], + ['OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], + )); -} + +{- produce_param_decoder('x963kdf_set_ctx_params', + (['OSSL_KDF_PARAM_SECRET', 'secret', 'octet_string'], + ['OSSL_KDF_PARAM_KEY', 'secret', 'octet_string'], + ['OSSL_KDF_PARAM_INFO', 'info', 'octet_string', SSKDF_MAX_INFOS], + ['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], + ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], + ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], + ['OSSL_KDF_PARAM_MAC', 'mac', 'utf8_string'], + ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], + ['OSSL_KDF_PARAM_MAC_SIZE', 'size', 'size_t'], + ['OSSL_KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'], + ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], + )); -} diff --git a/providers/implementations/kdfs/tls1_prf.c.in b/providers/implementations/kdfs/tls1_prf.c similarity index 94% rename from providers/implementations/kdfs/tls1_prf.c.in rename to providers/implementations/kdfs/tls1_prf.c index 8dc4e44cd69..f65c9eb71d8 100644 --- a/providers/implementations/kdfs/tls1_prf.c.in +++ b/providers/implementations/kdfs/tls1_prf.c @@ -6,9 +6,6 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -{- -use OpenSSL::paramnames qw(produce_param_decoder); --} /* * Refer to "The TLS Protocol Version 1.0" Section 5 @@ -97,6 +94,8 @@ static int tls1_prf_alg(EVP_MAC_CTX *mdctx, EVP_MAC_CTX *sha1ctx, #define TLSPRF_MAX_SEEDS 6 +#include "providers/implementations/kdfs/tls1_prf.inc" + /* TLS KDF kdf context structure */ typedef struct { void *provctx; @@ -286,17 +285,6 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen, key, keylen); } -{- produce_param_decoder('tls1prf_set_ctx_params', - (['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], - ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], - ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], - ['OSSL_KDF_PARAM_SECRET', 'secret', 'octet_string'], - ['OSSL_KDF_PARAM_SEED', 'seed', 'octet_string', TLSPRF_MAX_SEEDS], - ['OSSL_KDF_PARAM_FIPS_EMS_CHECK', 'ind_e', 'int', 'fips'], - ['OSSL_KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'], - ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], - )); -} - static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { struct tls1prf_set_ctx_params_st p; @@ -428,11 +416,6 @@ static const OSSL_PARAM *kdf_tls1_prf_settable_ctx_params( return tls1prf_set_ctx_params_list; } -{- produce_param_decoder('tls1prf_get_ctx_params', - (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], - ['OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], - )); -} - static int kdf_tls1_prf_get_ctx_params(void *vctx, OSSL_PARAM params[]) { struct tls1prf_get_ctx_params_st p; diff --git a/providers/implementations/kdfs/tls1_prf.inc.in b/providers/implementations/kdfs/tls1_prf.inc.in new file mode 100644 index 00000000000..9f04f59861b --- /dev/null +++ b/providers/implementations/kdfs/tls1_prf.inc.in @@ -0,0 +1,28 @@ +/* + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the \"License\"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} + +{- produce_param_decoder('tls1prf_set_ctx_params', + (['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], + ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], + ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], + ['OSSL_KDF_PARAM_SECRET', 'secret', 'octet_string'], + ['OSSL_KDF_PARAM_SEED', 'seed', 'octet_string', TLSPRF_MAX_SEEDS], + ['OSSL_KDF_PARAM_FIPS_EMS_CHECK', 'ind_e', 'int', 'fips'], + ['OSSL_KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'], + ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], + )); -} + +{- produce_param_decoder('tls1prf_get_ctx_params', + (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], + ['OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], + )); -} diff --git a/providers/implementations/kdfs/x942kdf.c.in b/providers/implementations/kdfs/x942kdf.c similarity index 92% rename from providers/implementations/kdfs/x942kdf.c.in rename to providers/implementations/kdfs/x942kdf.c index 5b4dd086099..09ed47cedd7 100644 --- a/providers/implementations/kdfs/x942kdf.c.in +++ b/providers/implementations/kdfs/x942kdf.c @@ -7,9 +7,6 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -{- -use OpenSSL::paramnames qw(produce_param_decoder); --} #include "internal/e_os.h" #include @@ -28,6 +25,7 @@ use OpenSSL::paramnames qw(produce_param_decoder); #include "prov/provider_util.h" #include "prov/securitycheck.h" #include "prov/der_wrap.h" +#include "providers/implementations/kdfs/x942kdf.inc" #define X942KDF_MAX_INLEN (1 << 30) @@ -529,23 +527,6 @@ static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen, return ret; } -{- produce_param_decoder('sshkdf_set_ctx_params', - (['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], - ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], - ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], - ['OSSL_KDF_PARAM_SECRET', 'secret', 'octet_string'], - ['OSSL_KDF_PARAM_KEY', 'secret', 'octet_string'], - ['OSSL_KDF_PARAM_UKM', 'uinfo', 'octet_string'], - ['OSSL_KDF_PARAM_X942_ACVPINFO', 'acvp', 'octet_string'], - ['OSSL_KDF_PARAM_X942_PARTYUINFO', 'uinfo', 'octet_string'], - ['OSSL_KDF_PARAM_X942_PARTYVINFO', 'vinfo', 'octet_string'], - ['OSSL_KDF_PARAM_X942_SUPP_PUBINFO', 'pub', 'octet_string'], - ['OSSL_KDF_PARAM_X942_SUPP_PRIVINFO', 'priv', 'octet_string'], - ['OSSL_KDF_PARAM_X942_USE_KEYBITS', 'kbits', 'int'], - ['OSSL_KDF_PARAM_CEK_ALG', 'cekalg', 'utf8_string'], - ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], - )); -} - static int x942kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { struct sshkdf_set_ctx_params_st p; @@ -628,11 +609,6 @@ static const OSSL_PARAM *x942kdf_settable_ctx_params(ossl_unused void *ctx, return sshkdf_set_ctx_params_list; } -{- produce_param_decoder('sshkdf_get_ctx_params', - (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], - ['OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], - )); -} - static int x942kdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) { KDF_X942 *ctx = (KDF_X942 *)vctx; diff --git a/providers/implementations/kdfs/x942kdf.inc.in b/providers/implementations/kdfs/x942kdf.inc.in new file mode 100644 index 00000000000..538bf2b3d2f --- /dev/null +++ b/providers/implementations/kdfs/x942kdf.inc.in @@ -0,0 +1,34 @@ +/* + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the \"License\"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} + +{- produce_param_decoder('sshkdf_set_ctx_params', + (['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], + ['OSSL_ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], + ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], + ['OSSL_KDF_PARAM_SECRET', 'secret', 'octet_string'], + ['OSSL_KDF_PARAM_KEY', 'secret', 'octet_string'], + ['OSSL_KDF_PARAM_UKM', 'uinfo', 'octet_string'], + ['OSSL_KDF_PARAM_X942_ACVPINFO', 'acvp', 'octet_string'], + ['OSSL_KDF_PARAM_X942_PARTYUINFO', 'uinfo', 'octet_string'], + ['OSSL_KDF_PARAM_X942_PARTYVINFO', 'vinfo', 'octet_string'], + ['OSSL_KDF_PARAM_X942_SUPP_PUBINFO', 'pub', 'octet_string'], + ['OSSL_KDF_PARAM_X942_SUPP_PRIVINFO', 'priv', 'octet_string'], + ['OSSL_KDF_PARAM_X942_USE_KEYBITS', 'kbits', 'int'], + ['OSSL_KDF_PARAM_CEK_ALG', 'cekalg', 'utf8_string'], + ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], + )); -} + +{- produce_param_decoder('sshkdf_get_ctx_params', + (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], + ['OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], + )); -} -- 2.47.3