evp: add param argument to KDF derive call

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)

diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c
index 36f8eb2ea8437e5c42d19b498371ad485e9dfd98..5fe022a142cbbe75580f7b446616e2fb3542c88a 100644 (file)
--- a/crypto/evp/kdf_lib.c
+++ b/crypto/evp/kdf_lib.c
@@ -137,12 +137,13 @@ size_t EVP_KDF_CTX_get_kdf_size(EVP_KDF_CTX *ctx)
     return 0;
 }
 
-int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen)
+int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen,
+                   const OSSL_PARAM params[])
 {
     if (ctx == NULL)
         return 0;
 
-    return ctx->meth->derive(ctx->data, key, keylen);
+    return ctx->meth->derive(ctx->data, key, keylen, params);
 }
 
 /*

diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod
index 90e8f5adcfb2d25686b7d9cf30091e3ab6bd18ff..7a012026c5cbd3e0d7a3f853f1bdb15ff9a2ff51 100644 (file)
--- a/doc/man3/EVP_KDF.pod
+++ b/doc/man3/EVP_KDF.pod
@@ -25,7 +25,8 @@ EVP_KDF_CTX_gettable_params, EVP_KDF_CTX_settable_params - EVP KDF routines
  EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src);
  void EVP_KDF_CTX_reset(EVP_KDF_CTX *ctx);
  size_t EVP_KDF_CTX_get_kdf_size(EVP_KDF_CTX *ctx);
- int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen);
+ int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen,
+                    const OSSL_PARAM params[]);
  int EVP_KDF_up_ref(EVP_KDF *kdf);
  void EVP_KDF_free(EVP_KDF *kdf);
  EVP_KDF *EVP_KDF_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
@@ -56,9 +57,10 @@ The EVP KDF routines are a high-level interface to Key Derivation Function
 algorithms and should be used instead of algorithm-specific functions.
 
 After creating a B<EVP_KDF_CTX> for the required algorithm using
-EVP_KDF_CTX_new(), inputs to the algorithm are supplied
-using calls to EVP_KDF_CTX_set_params() before
-calling EVP_KDF_derive() to derive the key.
+EVP_KDF_CTX_new(), inputs to the algorithm are supplied either by
+passing them as part of the EVP_KDF_derive() call or using calls
+to EVP_KDF_CTX_set_params() before calling EVP_KDF_derive() to derive
+the key.
 
 =head2 Types
 
@@ -99,9 +101,10 @@ I<ctx>.
 EVP_KDF_CTX_reset() resets the context to the default state as if the context
 had just been created.
 
-EVP_KDF_derive() derives I<keylen> bytes of key material and places it in the
-I<key> buffer.  If the algorithm produces a fixed amount of output then an
-error will occur unless the I<keylen> parameter is equal to that output size,
+EVP_KDF_derive() processes any parameters in I<Params> and then derives
+I<keylen> bytes of key material and places it in the I<key> buffer.
+If the algorithm produces a fixed amount of output then an error will
+occur unless the I<keylen> parameter is equal to that output size,
 as returned by EVP_KDF_CTX_get_kdf_size().
 
 EVP_KDF_get_params() retrieves details about the implementation

diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
index f1bc9a7709ffdcdd7fb11474bef646180e7aa561..4c1397f909dcdfbe78e5a783a91aef0c4514d386 100644 (file)
--- a/include/openssl/kdf.h
+++ b/include/openssl/kdf.h
@@ -41,7 +41,8 @@ const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx);
 
 void EVP_KDF_CTX_reset(EVP_KDF_CTX *ctx);
 size_t EVP_KDF_CTX_get_kdf_size(EVP_KDF_CTX *ctx);
-int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen);
+int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen,
+                   const OSSL_PARAM params[]);
 int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]);
 int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]);
 int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]);