From: Pauli
Date: Fri, 26 Feb 2021 00:06:11 +0000 (+1000)
Subject: evp: add param argument to KDF derive call
X-Git-Tag: openssl-3.0.0-alpha13~117
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7c75f2daf8b50c92bfb5c17fa62136e61f6eb515;p=thirdparty%2Fopenssl.git
evp: add param argument to KDF derive call
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/14310)
---
diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c
index 36f8eb2ea84..5fe022a142c 100644
--- a/crypto/evp/kdf_lib.c
+++ b/crypto/evp/kdf_lib.c
@@ -137,12 +137,13 @@ size_t EVP_KDF_CTX_get_kdf_size(EVP_KDF_CTX *ctx)
 return 0;
 }
-int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen)
+int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen,
+ const OSSL_PARAM params[])
 {
 if (ctx == NULL)
 return 0;
- return ctx->meth->derive(ctx->data, key, keylen);
+ return ctx->meth->derive(ctx->data, key, keylen, params);
 }
 /*
diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod
index 90e8f5adcfb..7a012026c5c 100644
--- a/doc/man3/EVP_KDF.pod
+++ b/doc/man3/EVP_KDF.pod
@@ -25,7 +25,8 @@ EVP_KDF_CTX_gettable_params, EVP_KDF_CTX_settable_params - EVP KDF routines
 EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src);
 void EVP_KDF_CTX_reset(EVP_KDF_CTX *ctx);
 size_t EVP_KDF_CTX_get_kdf_size(EVP_KDF_CTX *ctx);
- int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen);
+ int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen,
+ const OSSL_PARAM params[]);
 int EVP_KDF_up_ref(EVP_KDF *kdf);
 void EVP_KDF_free(EVP_KDF *kdf);
 EVP_KDF *EVP_KDF_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
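Review bot: `params` is handed straight to `ctx->meth->derive` in `EVP_KDF_derive`, and nothing in the function or in a comment above it says whether values applied at derive time stay in the context afterwards. Those values are typically the secret, salt or password, so a caller needs to know whether `EVP_KDF_CTX_reset()` or freeing the context is still required to clear them once the key has been produced. I would add a comment above the function such as `/* params may be NULL (TODO confirm); values set here remain in ctx until reset/free (TODO confirm) */` and also state the failure contract: on a 0 return the contents of `key` must not be used. The provider-side `derive` implementations that have to accept the fourth argument are not visible in this part of the diff.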
@@ -56,9 +57,10 @@ The EVP KDF routines are a high-level interface to Key Derivation Function algorithms and should be used instead of algorithm-specific functions. After creating a B for the required algorithm using
-EVP_KDF_CTX_new(), inputs to the algorithm are supplied
-using calls to EVP_KDF_CTX_set_params() before
-calling EVP_KDF_derive() to derive the key.
+EVP_KDF_CTX_new(), inputs to the algorithm are supplied either by
+passing them as part of the EVP_KDF_derive() call or using calls
+to EVP_KDF_CTX_set_params() before calling EVP_KDF_derive() to derive
+the key.
 =head2 Types
@@ -99,9 +101,10 @@ I. EVP_KDF_CTX_reset() resets the context to the default state as if the context had just been created.
-EVP_KDF_derive() derives I bytes of key material and places it in the
-I buffer. If the algorithm produces a fixed amount of output then an
-error will occur unless the I parameter is equal to that output size,
+EVP_KDF_derive() processes any parameters in I and then derives
+I bytes of key material and places it in the I buffer.
+If the algorithm produces a fixed amount of output then an error will
+occur unless the I parameter is equal to that output size,
 as returned by EVP_KDF_CTX_get_kdf_size(). EVP_KDF_get_params() retrieves details about the implementation
diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
index f1bc9a7709f..4c1397f909d 100644
--- a/include/openssl/kdf.h
+++ b/include/openssl/kdf.h
@@ -41,7 +41,8 @@ const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx);
 void EVP_KDF_CTX_reset(EVP_KDF_CTX *ctx);
 size_t EVP_KDF_CTX_get_kdf_size(EVP_KDF_CTX *ctx);
-int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen);
+int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen,
+ const OSSL_PARAM params[]);
 int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]);
 int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]);
 int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]);
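Review bot: The exported `EVP_KDF_derive` keeps its name while gaining a fourth argument, so a binary built against the three-argument prototype and run with this library would leave `params` indeterminate, and the function would forward that value to the provider as an `OSSL_PARAM` array. If alpha releases carry no ABI promise this is acceptable, but the page shows no CHANGES entry or migration note telling existing callers what to pass. A one-line comment above the prototype, for example `/* params: optional OSSL_PARAM array applied before deriving; NULL if unused (TODO confirm) */`, would make the new contract visible in the header itself.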