authorPauli <pauli@openssl.org>2023-04-13 12:19:26 +1000
committerPauli <pauli@openssl.org>2023-04-26 08:01:46 +1000
commit345b42be90448523a335b9369452ea1159a1282a (patch)
treea07f36c3cd97f86607cfa186dc2c3ed9140de647 /providers
parent79523d55923e7f61104cc7269131fd6a975b579f (diff)
Update KDFs to use shared functions.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20724)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/kdfs/hkdf.c63
-rw-r--r--providers/implementations/kdfs/kbkdf.c35
-rw-r--r--providers/implementations/kdfs/sskdf.c53
3 files changed, 42 insertions, 109 deletions
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
index 2b81dea60a..f0b46a1fc5 100644
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
@@ -30,6 +30,7 @@
#include "prov/implementations.h"
#include "prov/provider_util.h"
#include "internal/e_os.h"
+#include "internal/params.h"
#define HKDF_MAXBUF 2048
#define HKDF_MAXINFO (32*1024)
@@ -274,44 +275,8 @@ static int hkdf_common_set_ctx_params(KDF_HKDF *ctx, const OSSL_PARAM params[])
return 1;
}
-/*
- * Use WPACKET to concat one or more OSSL_KDF_PARAM_INFO fields into a fixed
- * out buffer of size *outlen.
- * If out is NULL then outlen is used to return the required buffer size.
- */
-static int setinfo_fromparams(const OSSL_PARAM *p, unsigned char *out, size_t *outlen)
-{
- int ret = 0;
- WPACKET pkt;
-
- if (out == NULL) {
- if (!WPACKET_init_null(&pkt, 0))
- return 0;
- } else {
- if (!WPACKET_init_static_len(&pkt, out, *outlen, 0))
- return 0;
- }
-
- for (; p != NULL; p = OSSL_PARAM_locate_const(p + 1, OSSL_KDF_PARAM_INFO)) {
- if (p->data_type != OSSL_PARAM_OCTET_STRING)
- goto err;
- if (p->data != NULL
- && p->data_size != 0
- && !WPACKET_memcpy(&pkt, p->data, p->data_size))
- goto err;
- }
- if (!WPACKET_get_total_written(&pkt, outlen)
- || !WPACKET_finish(&pkt))
- goto err;
- ret = 1;
-err:
- WPACKET_cleanup(&pkt);
- return ret;
-}
-
static int kdf_hkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
- const OSSL_PARAM *p;
KDF_HKDF *ctx = vctx;
if (params == NULL)
@@ -320,29 +285,11 @@ static int kdf_hkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
if (!hkdf_common_set_ctx_params(ctx, params))
return 0;
- /* The info fields concatenate, so process them all */
- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_INFO)) != NULL) {
- size_t sz = 0;
-
- /* calculate the total size */
- if (!setinfo_fromparams(p, NULL, &sz))
- return 0;
- if (sz > HKDF_MAXINFO)
- return 0;
+ if (ossl_param_get1_concat_octet_string(params, OSSL_KDF_PARAM_INFO,
+ &ctx->info, &ctx->info_len,
+ HKDF_MAXINFO) == 0)
+ return 0;
- OPENSSL_clear_free(ctx->info, ctx->info_len);
- ctx->info = NULL;
- if (sz == 0)
- return 1;
- /* Alloc the buffer */
- ctx->info = OPENSSL_malloc(sz);
- if (ctx->info == NULL)
- return 0;
- ctx->info_len = sz;
- /* Concat one or more OSSL_KDF_PARAM_INFO fields */
- if (!setinfo_fromparams(p, ctx->info, &sz))
- return 0;
- }
return 1;
}
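Review bot: Cleansing of the previous `ctx->info` is no longer visible in kdf_hkdf_set_ctx_params: the removed code called `OPENSSL_clear_free(ctx->info, ctx->info_len)` itself, and the new call relies on `ossl_param_get1_concat_octet_string`, whose definition is not part of this diff. It is worth confirming that the helper clears before freeing and updates `info_len` together with `info` on every path, including a zero-length result. The `== 0` test also treats any other return value as success; judging by the `r == -1` check in the sskdf.c hunk, -1 appears to mean "parameter not present". If that is the contract, a comment at the call would save the next reader a lookup, for example `/* -1 (INFO absent) is not an error; the helper replaces and cleanses the old buffer */`. The same applies to the helper calls added in kbkdf.c and sskdf.c.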
diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
index a1a467249f..2460236b31 100644
--- a/providers/implementations/kdfs/kbkdf.c
+++ b/providers/implementations/kdfs/kbkdf.c
@@ -45,6 +45,7 @@
#include "prov/providercommon.h"
#include "internal/e_os.h"
+#include "internal/params.h"
#define ossl_min(a, b) ((a) < (b)) ? (a) : (b)
@@ -341,17 +342,6 @@ done:
return ret;
}
-static int kbkdf_set_buffer(unsigned char **out, size_t *out_len,
- const OSSL_PARAM *p)
-{
- if (p->data == NULL || p->data_size == 0)
- return 1;
-
- OPENSSL_clear_free(*out, *out_len);
- *out = NULL;
- return OSSL_PARAM_get_octet_string(p, (void **)out, 0, out_len);
-}
-
static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
KBKDF *ctx = (KBKDF *)vctx;
@@ -391,21 +381,22 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
return 0;
}
- p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY);
- if (p != NULL && !kbkdf_set_buffer(&ctx->ki, &ctx->ki_len, p))
- return 0;
+ if (ossl_param_get1_octet_string(params, OSSL_KDF_PARAM_KEY,
+ &ctx->ki, &ctx->ki_len) == 0)
+ return 0;
- p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT);
- if (p != NULL && !kbkdf_set_buffer(&ctx->label, &ctx->label_len, p))
- return 0;
+ if (ossl_param_get1_octet_string(params, OSSL_KDF_PARAM_SALT,
+ &ctx->label, &ctx->label_len) == 0)
+ return 0;
- p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_INFO);
- if (p != NULL && !kbkdf_set_buffer(&ctx->context, &ctx->context_len, p))
+ if (ossl_param_get1_concat_octet_string(params, OSSL_KDF_PARAM_INFO,
+ &ctx->context, &ctx->context_len,
+ 0) == 0)
return 0;
- p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SEED);
- if (p != NULL && !kbkdf_set_buffer(&ctx->iv, &ctx->iv_len, p))
- return 0;
+ if (ossl_param_get1_octet_string(params, OSSL_KDF_PARAM_SEED,
+ &ctx->iv, &ctx->iv_len) == 0)
+ return 0;
p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KBKDF_USE_L);
if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->use_l))
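Review bot: The bare `0` passed as the last argument of the `OSSL_KDF_PARAM_INFO` call does not say what limit applies. hkdf.c passes `HKDF_MAXINFO` in that position, so 0 presumably means "no size limit"; either name a bound for the KBKDF context or say so in a comment such as `/* info fields concatenate; 0 = no maximum size */`. This call also changes behaviour for callers: the removed `kbkdf_set_buffer` path read a single INFO parameter, while the new helper's name indicates that all INFO parameters are concatenated, which changes the derived output when more than one is supplied. The removed helper also returned early and kept the existing buffer when the value was NULL or empty. Whether the shared helpers keep or clear `ki`, `label`, `context` and `iv` in that case is not visible here and should be confirmed. The INFO call in the sskdf.c hunk has the same unexplained `0`; kbkdf_set_ctx_params itself begins and ends outside this hunk.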
diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c
index 68b3db4b11..ca5042b22d 100644
--- a/providers/implementations/kdfs/sskdf.c
+++ b/providers/implementations/kdfs/sskdf.c
@@ -50,6 +50,7 @@
#include "prov/providercommon.h"
#include "prov/implementations.h"
#include "prov/provider_util.h"
+#include "internal/params.h"
typedef struct {
void *provctx;
@@ -350,16 +351,6 @@ static void *sskdf_dup(void *vctx)
return NULL;
}
-static int sskdf_set_buffer(unsigned char **out, size_t *out_len,
- const OSSL_PARAM *p)
-{
- if (p->data == NULL || p->data_size == 0)
- return 1;
- OPENSSL_free(*out);
- *out = NULL;
- return OSSL_PARAM_get_octet_string(p, (void **)out, 0, out_len);
-}
-
static size_t sskdf_size(KDF_SSKDF *ctx)
{
int len;
@@ -480,6 +471,7 @@ static int sskdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
KDF_SSKDF *ctx = vctx;
OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
size_t sz;
+ int r;
if (params == NULL)
return 1;
@@ -487,29 +479,32 @@ static int sskdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
if (!ossl_prov_macctx_load_from_params(&ctx->macctx, params,
NULL, NULL, NULL, libctx))
return 0;
- if (ctx->macctx != NULL) {
- if (EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx),
- OSSL_MAC_NAME_KMAC128)
- || EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx),
- OSSL_MAC_NAME_KMAC256)) {
- ctx->is_kmac = 1;
- }
- }
+ if (ctx->macctx != NULL) {
+ if (EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx),
+ OSSL_MAC_NAME_KMAC128)
+ || EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx),
+ OSSL_MAC_NAME_KMAC256)) {
+ ctx->is_kmac = 1;
+ }
+ }
- if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx))
- return 0;
+ if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx))
+ return 0;
- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL
- || (p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL)
- if (!sskdf_set_buffer(&ctx->secret, &ctx->secret_len, p))
- return 0;
+ r = ossl_param_get1_octet_string(params, OSSL_KDF_PARAM_SECRET,
+ &ctx->secret, &ctx->secret_len);
+ if (r == -1)
+ r = ossl_param_get1_octet_string(params, OSSL_KDF_PARAM_KEY,
+ &ctx->secret, &ctx->secret_len);
+ if (r == 0)
+ return 0;
- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_INFO)) != NULL)
- if (!sskdf_set_buffer(&ctx->info, &ctx->info_len, p))
- return 0;
+ if (ossl_param_get1_concat_octet_string(params, OSSL_KDF_PARAM_INFO,
+ &ctx->info, &ctx->info_len, 0) == 0)
+ return 0;
- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL)
- if (!sskdf_set_buffer(&ctx->salt, &ctx->salt_len, p))
+ if (ossl_param_get1_octet_string(params, OSSL_KDF_PARAM_SALT,
+ &ctx->salt, &ctx->salt_len) == 0)
return 0;
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MAC_SIZE))
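Review bot: The SECRET-to-KEY fallback hangs a two-line statement off an unbraced `if (r == -1)`, directly followed by `if (r == 0)`, which is easy to misread or break when the block is next edited. I would brace the body and state the precedence, for example `/* KEY is only consulted when SECRET was not supplied */`, so it is clear that a present SECRET always wins even if KEY is also passed. The meaning of `r` (apparently -1 absent, 0 failure, otherwise success) is inferred from the checks rather than shown, so a short comment at the declaration of `r` would help too. sskdf_set_ctx_params starts before this hunk and continues after it.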