From: Pauli Date: Fri, 26 Feb 2021 00:07:23 +0000 (+1000) Subject: prov: add extra params argument to KDF implementations X-Git-Tag: openssl-3.0.0-alpha13~114 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3469b388164775546022635d6695cae17104faa6;p=thirdparty%2Fopenssl.git prov: add extra params argument to KDF implementations Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14310)
---
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
index b24b7452167..24052f4d636 100644
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
@@ -123,12 +123,13 @@ static size_t kdf_hkdf_size(KDF_HKDF *ctx)
 return sz;
 }
-static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen)
+static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen,
+ const OSSL_PARAM params[])
 {
 KDF_HKDF *ctx = (KDF_HKDF *)vctx;
 const EVP_MD *md;
- if (!ossl_prov_is_running())
+ if (!ossl_prov_is_running() || !kdf_hkdf_set_ctx_params(ctx, params))
 return 0;
 md = ossl_prov_digest_md(&ctx->digest);
diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
index ab6e5c87a96..2f6171baa76 100644
--- a/providers/implementations/kdfs/kbkdf.c
+++ b/providers/implementations/kdfs/kbkdf.c
@@ -209,7 +209,8 @@ done:
 return ret;
 }
-static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen)
+static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen,
+ const OSSL_PARAM params[])
 {
 KBKDF *ctx = (KBKDF *)vctx;
 int ret = 0;
@@ -217,7 +218,7 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen)
 uint32_t l = 0;
 size_t h = 0;
- if (!ossl_prov_is_running())
+ if (!ossl_prov_is_running() || !kbkdf_set_ctx_params(ctx, params))
 return 0;
 /* label, context, and iv are permitted to be empty. Check everything
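Review bot: `kdf_hkdf_derive` now passes `params` straight to `kdf_hkdf_set_ctx_params` in its first guard, so every caller that configured the context beforehand and supplies no array depends on the setter accepting NULL, which this hunk does not show. If the setter does not already return early, guard the call: `if (!ossl_prov_is_running() || (params != NULL && !kdf_hkdf_set_ctx_params(ctx, params)))`. The values are also written into ctx before any of the derive-time checks, so a setter that fails partway may leave ctx partly updated while derive only returns 0; a comment above the function such as `/* params are applied to ctx and persist; on failure ctx may be partly updated */` would record that. The same guard appears in the kbkdf, krb5kdf, pbkdf2, pkcs12kdf, scrypt, sshkdf, sskdf, tls1_prf and x942kdf hunks, and each function body continues outside its hunk.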
diff --git a/providers/implementations/kdfs/krb5kdf.c b/providers/implementations/kdfs/krb5kdf.c
index 35d6ccb680a..041c3e32b2f 100644
--- a/providers/implementations/kdfs/krb5kdf.c
+++ b/providers/implementations/kdfs/krb5kdf.c
@@ -101,14 +101,14 @@ static int krb5kdf_set_membuf(unsigned char **dst, size_t *dst_len,
 return OSSL_PARAM_get_octet_string(p, (void **)dst, 0, dst_len);
 }
-static int krb5kdf_derive(void *vctx, unsigned char *key,
- size_t keylen)
+static int krb5kdf_derive(void *vctx, unsigned char *key, size_t keylen,
+ const OSSL_PARAM params[])
 {
 KRB5KDF_CTX *ctx = (KRB5KDF_CTX *)vctx;
 const EVP_CIPHER *cipher;
 ENGINE *engine;
- if (!ossl_prov_is_running())
+ if (!ossl_prov_is_running() || !krb5kdf_set_ctx_params(ctx, params))
 return 0;
 cipher = ossl_prov_cipher_cipher(&ctx->cipher);
diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
index 9d993dc5450..ce27fe9b393 100644
--- a/providers/implementations/kdfs/pbkdf2.c
+++ b/providers/implementations/kdfs/pbkdf2.c
@@ -139,13 +139,13 @@ static int pbkdf2_set_membuf(unsigned char **buffer, size_t *buflen,
 return 1;
 }
-static int kdf_pbkdf2_derive(void *vctx, unsigned char *key,
- size_t keylen)
+static int kdf_pbkdf2_derive(void *vctx, unsigned char *key, size_t keylen,
+ const OSSL_PARAM params[])
 {
 KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx;
 const EVP_MD *md;
- if (!ossl_prov_is_running())
+ if (!ossl_prov_is_running() || !kdf_pbkdf2_set_ctx_params(ctx, params))
 return 0;
 if (ctx->pass == NULL) {
diff --git a/providers/implementations/kdfs/pkcs12kdf.c b/providers/implementations/kdfs/pkcs12kdf.c
index ce49c2844c5..bea6dffeca8 100644
--- a/providers/implementations/kdfs/pkcs12kdf.c
+++ b/providers/implementations/kdfs/pkcs12kdf.c
@@ -195,13 +195,13 @@ static int pkcs12kdf_set_membuf(unsigned char **buffer, size_t *buflen,
 return 1;
 }
-static int kdf_pkcs12_derive(void *vctx, unsigned char *key,
- size_t keylen)
+static int kdf_pkcs12_derive(void *vctx, unsigned char *key, size_t keylen,
+ const OSSL_PARAM params[])
 {
 KDF_PKCS12 *ctx = (KDF_PKCS12 *)vctx;
 const EVP_MD *md;
- if (!ossl_prov_is_running())
+ if (!ossl_prov_is_running() || !kdf_pkcs12_set_ctx_params(ctx, params))
 return 0;
 if (ctx->pass == NULL) {
diff --git a/providers/implementations/kdfs/scrypt.c b/providers/implementations/kdfs/scrypt.c
index de53d3e129a..6c61d3bb3cb 100644
--- a/providers/implementations/kdfs/scrypt.c
+++ b/providers/implementations/kdfs/scrypt.c
@@ -147,12 +147,12 @@ static int set_property_query(KDF_SCRYPT *ctx, const char *propq)
 return 1;
 }
-static int kdf_scrypt_derive(void *vctx, unsigned char *key,
- size_t keylen)
+static int kdf_scrypt_derive(void *vctx, unsigned char *key, size_t keylen,
+ const OSSL_PARAM params[])
 {
 KDF_SCRYPT *ctx = (KDF_SCRYPT *)vctx;
- if (!ossl_prov_is_running())
+ if (!ossl_prov_is_running() || !kdf_scrypt_set_ctx_params(ctx, params))
 return 0;
 if (ctx->pass == NULL) {
diff --git a/providers/implementations/kdfs/sshkdf.c b/providers/implementations/kdfs/sshkdf.c
index 90b7666450e..f99a6a74135 100644
--- a/providers/implementations/kdfs/sshkdf.c
+++ b/providers/implementations/kdfs/sshkdf.c
@@ -94,13 +94,13 @@ static int sshkdf_set_membuf(unsigned char **dst, size_t *dst_len,
 return OSSL_PARAM_get_octet_string(p, (void **)dst, 0, dst_len);
 }
-static int kdf_sshkdf_derive(void *vctx, unsigned char *key,
- size_t keylen)
+static int kdf_sshkdf_derive(void *vctx, unsigned char *key, size_t keylen,
+ const OSSL_PARAM params[])
 {
 KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx;
 const EVP_MD *md;
- if (!ossl_prov_is_running())
+ if (!ossl_prov_is_running() || !kdf_sshkdf_set_ctx_params(ctx, params))
 return 0;
 md = ossl_prov_digest_md(&ctx->digest);
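Review bot: In `kdf_pkcs12_derive` the `ctx->pass == NULL` check now runs after the setter call, so a password supplied through `params` for a single derive is expected to be stored in ctx, and nothing visible in this hunk clears it when derive returns. A caller that reuses the context without resetting it would then, presumably, derive from the earlier password again. That retention should be stated above the function, e.g. `/* secrets passed in params are kept in ctx until reset or free */`. The same applies to `kdf_pbkdf2_derive` and `kdf_scrypt_derive`, which show the same check; the function bodies continue outside the hunks.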
diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c
index d040e49c2ac..118c44cfa75 100644
--- a/providers/implementations/kdfs/sskdf.c
+++ b/providers/implementations/kdfs/sskdf.c
@@ -342,12 +342,13 @@ static size_t sskdf_size(KDF_SSKDF *ctx)
 return (len <= 0) ? 0 : (size_t)len;
 }
-static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen)
+static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen,
+ const OSSL_PARAM params[])
 {
 KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
 const EVP_MD *md;
- if (!ossl_prov_is_running())
+ if (!ossl_prov_is_running() || !sskdf_set_ctx_params(ctx, params))
 return 0;
 if (ctx->secret == NULL) {
 ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SECRET);
@@ -411,12 +412,13 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen)
 }
 }
-static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen)
+static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen,
+ const OSSL_PARAM params[])
 {
 KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
 const EVP_MD *md;
- if (!ossl_prov_is_running())
+ if (!ossl_prov_is_running() || !sskdf_set_ctx_params(ctx, params))
 return 0;
 if (ctx->secret == NULL) {
diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c
index af9adc30961..4204f03b3aa 100644
--- a/providers/implementations/kdfs/tls1_prf.c
+++ b/providers/implementations/kdfs/tls1_prf.c
@@ -131,12 +131,12 @@ static void kdf_tls1_prf_reset(void *vctx)
 ctx->provctx = provctx;
 }
-static int kdf_tls1_prf_derive(void *vctx, unsigned char *key,
- size_t keylen)
+static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen,
+ const OSSL_PARAM params[])
 {
 TLS1_PRF *ctx = (TLS1_PRF *)vctx;
- if (!ossl_prov_is_running())
+ if (!ossl_prov_is_running() || !kdf_tls1_prf_set_ctx_params(ctx, params))
 return 0;
 if (ctx->P_hash == NULL) {
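Review bot: `x963kdf_derive` applies its derive-time params through `sskdf_set_ctx_params`, the same setter `sskdf_derive` calls, so whatever SSKDF-specific parameters that setter accepts can now also be set on an X9.63 context at derive time. The setter is not visible here, so this may be intended; if X9.63 is meant to accept a narrower set, it needs its own setter or a check after the call. Either way a comment at the call, `/* X9.63 shares KDF_SSKDF and its setter with SSKDF */`, would make the sharing explicit. The function body continues outside the hunk.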
diff --git a/providers/implementations/kdfs/x942kdf.c b/providers/implementations/kdfs/x942kdf.c
index a220eca80fa..ca478bc8830 100644
--- a/providers/implementations/kdfs/x942kdf.c
+++ b/providers/implementations/kdfs/x942kdf.c
@@ -392,7 +392,8 @@ static size_t x942kdf_size(KDF_X942 *ctx)
 return (len <= 0) ? 0 : (size_t)len;
 }
-static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen)
+static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen,
+ const OSSL_PARAM params[])
 {
 KDF_X942 *ctx = (KDF_X942 *)vctx;
 const EVP_MD *md;
@@ -401,7 +402,7 @@ static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen)
 unsigned char *der = NULL;
 size_t der_len = 0;
- if (!ossl_prov_is_running())
+ if (!ossl_prov_is_running() || !x942kdf_set_ctx_params(ctx, params))
 return 0;
 /*